#ubuntu-meeting log

16:36 <mdeslaur> #startmeeting
16:36 <meetingology> Meeting started Mon Aug 11 16:36:30 2014 UTC.  The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:36 <meetingology> 
16:36 <meetingology> Available commands: action commands idea info link nick
16:36 <mdeslaur> The meeting agenda can be found at:
16:36 <mdeslaur> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:36 <mdeslaur> [TOPIC] Announcements
16:36 <mdeslaur> Thanks to the following people for their help on security updates for these community supported packages last week:
16:36 <mdeslaur> Jonathan Riddell (Riddell) provided a debdiff for trusty for krfb (LP: #1352421)
16:36 <mdeslaur> Scott Kitterman (ScottK) provided a debdiff for trusty for reportbug (LP: #1353046)
16:36 <mdeslaur> James Page (jamespage) provided packages for trusty for mysql-5.6 (LP: #1330168)
16:36 <mdeslaur> Reinhard Tartler (siretart) provided a package for trusty for libav (LP: #1354755)
16:36 <mdeslaur> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:36 <ubottu> Launchpad bug 1352421 in krfb (Ubuntu Utopic) "possible denial of service or code execution via integer overflow" [Undecided,Fix released] https://launchpad.net/bugs/1352421
16:36 <ubottu> Launchpad bug 1353046 in reportbug (Ubuntu Lucid) "arbitrary code execution in compare_versions" [Undecided,Confirmed] https://launchpad.net/bugs/1353046
16:37 <ubottu> Launchpad bug 1330168 in mysql-5.6 (Ubuntu Utopic) "Please update to 5.6.19" [High,Fix committed] https://launchpad.net/bugs/1330168
16:37 <ubottu> Launchpad bug 1354755 in libav (Ubuntu Trusty) "Libav security fixes Aug 2014" [High,In progress] https://launchpad.net/bugs/1354755
16:37 <mdeslaur> ubottu: shut up
16:37 <Riddell> \o/
16:37 <jamespage> np
16:37 <mdeslaur> [TOPIC] Weekly stand-up report
16:37 <mdeslaur> I'll go first
16:37 * ScottK waves
16:37 <mdeslaur> I'm in the happy place this week
16:38 <mdeslaur> I have some updates to test and publish, including a bunch of openstack on trusty updates
16:38 <mdeslaur> and am looking to go down the list as much as possible before I go on vacation next week
16:38 <mdeslaur> that's pretty much it from me...sbeattie, you're up
16:39 <sbeattie> I'm on apparmor this week
16:39 <sbeattie> I'm currently trying to wade through my email after being on holiday last week
16:39 * jjohansen cheers and hands sbeattie the backend parser change work
16:40 <sbeattie> I need to sync up with jjohansen on where things stand with abstract sockets and apparmor.
16:40 <sbeattie> Heh, pretty much my plan is to dig into whatever you need help with, jjohansen.
16:40 <sbeattie> That's pretty much it for me. tyhicks?
16:41 <tyhicks> I'll be working on apparmor this week
16:41 <tyhicks> my main focus will be to land the abstract socket mediation changes when they're ready
16:42 <tyhicks> I just finished building the latest kernel changes for utopic-amd64, goldfish-i386, and mako-armhf
16:42 <tyhicks> now I'll start making system policy changes
16:43 <tyhicks> while those kernels were building, I started modifying the unix_socket_file.sh regression test to add the ability to test abstract sockets
16:43 <tyhicks> I'll wrap that up and send it out sometime this week
16:43 <tyhicks> I also need to try to refresh the dbus merge (LP: #1320422)
16:43 <ubottu> Launchpad bug 1320422 in dbus (Ubuntu) "Please merge dbus 1.8.2-1 (main) from Debian testing (main)" [Low,Incomplete] https://launchpad.net/bugs/1320422
16:43 <tyhicks> and I need to prep for LSS next week
16:43 <tyhicks> that's it for me
16:43 <tyhicks> jjohansen: you're up
16:45 <mdeslaur> jjohansen: hello?
16:45 <jjohansen> I'm primarily working on landing the abstract socket mediation this week. I'll need to sync up with sbeattie and continue to fix the backend of the policy compiler
16:45 <jjohansen> hey mdeslaur
16:45 <mdeslaur> jjohansen: what's the status, is everything going along as you'd like?
16:46 <jjohansen> mdeslaur: not really, I figured out a large part of the issue was backend compiler work that I hadn't been planning on yet
16:47 <jjohansen> mdeslaur: so we are doing the shortest path update to that we can
16:47 <mdeslaur> ok
16:47 <mdeslaur> thanks
16:48 <jjohansen> I think that is it from me, sarnold you're up
16:48 <sarnold> I'm on triage this week; I've also got two MIRs, one already in flight but repeated pre-empted, the other not yet started
16:50 <sarnold> I'll review whatever patches john can come up with this week, too, and I am hoping that the filemanager PAM integration v2 might be ready for a review this week. (Though that's optimism on my part.)
16:50 <sarnold> that's it for me, chrisccoulson?
16:51 <chrisccoulson> I'm continuing to work through my RTM bugs this week (and I've potentially got one extra now - bug 1353453)
16:51 <ubottu> bug 1353453 in webbrowser-app "m.here.com doesn’t close authentication page after logging in" [High,Triaged] https://launchpad.net/bugs/1353453
16:51 <chrisccoulson> I've done the most important code reviews for oxide, although I've still got some left - those aren't seriously urgent
16:51 <chrisccoulson> and I've got one update to do this week too
16:51 <chrisccoulson> that's me done :)
16:52 <mdeslaur> anyone left?
16:52 <mdeslaur> guess not
16:53 <mdeslaur> [TOPIC] Highlighted packages
16:53 <mdeslaur> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:53 <mdeslaur> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:53 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/gallery.html
16:53 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-4.7-armhf-cross.html
16:53 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/inetutils.html
16:53 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/dhcpcd.html
16:53 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/xine-ui.html
16:53 <mdeslaur> [TOPIC] Miscellaneous and Questions
16:53 <mdeslaur> Does anyone have any other questions or items to discuss?
16:53 <mdeslaur> Thanks everyone!
16:53 <mdeslaur> #endmeeting