16:36 <mdeslaur> #startmeeting 16:36 <meetingology> Meeting started Mon Aug 11 16:36:30 2014 UTC. The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:36 <meetingology> 16:36 <meetingology> Available commands: action commands idea info link nick 16:36 <mdeslaur> The meeting agenda can be found at: 16:36 <mdeslaur> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:36 <mdeslaur> [TOPIC] Announcements 16:36 <mdeslaur> Thanks to the following people for their help on security updates for these community supported packages last week: 16:36 <mdeslaur> Jonathan Riddell (Riddell) provided a debdiff for trusty for krfb (LP: #1352421) 16:36 <mdeslaur> Scott Kitterman (ScottK) provided a debdiff for trusty for reportbug (LP: #1353046) 16:36 <mdeslaur> James Page (jamespage) provided packages for trusty for mysql-5.6 (LP: #1330168) 16:36 <mdeslaur> Reinhard Tartler (siretart) provided a package for trusty for libav (LP: #1354755) 16:36 <mdeslaur> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:36 <ubottu> Launchpad bug 1352421 in krfb (Ubuntu Utopic) "possible denial of service or code execution via integer overflow" [Undecided,Fix released] https://launchpad.net/bugs/1352421 16:36 <ubottu> Launchpad bug 1353046 in reportbug (Ubuntu Lucid) "arbitrary code execution in compare_versions" [Undecided,Confirmed] https://launchpad.net/bugs/1353046 16:37 <ubottu> Launchpad bug 1330168 in mysql-5.6 (Ubuntu Utopic) "Please update to 5.6.19" [High,Fix committed] https://launchpad.net/bugs/1330168 16:37 <ubottu> Launchpad bug 1354755 in libav (Ubuntu Trusty) "Libav security fixes Aug 2014" [High,In progress] https://launchpad.net/bugs/1354755 16:37 <mdeslaur> ubottu: shut up 16:37 <Riddell> \o/ 16:37 <jamespage> np 16:37 <mdeslaur> [TOPIC] Weekly stand-up report 16:37 <mdeslaur> I'll go first 16:37 * ScottK waves 16:37 <mdeslaur> I'm in the happy place this week 16:38 <mdeslaur> I have some updates to test and publish, including a bunch of openstack on trusty updates 16:38 <mdeslaur> and am looking to go down the list as much as possible before I go on vacation next week 16:38 <mdeslaur> that's pretty much it from me...sbeattie, you're up 16:39 <sbeattie> I'm on apparmor this week 16:39 <sbeattie> I'm currently trying to wade through my email after being on holiday last week 16:39 * jjohansen cheers and hands sbeattie the backend parser change work 16:40 <sbeattie> I need to sync up with jjohansen on where things stand with abstract sockets and apparmor. 16:40 <sbeattie> Heh, pretty much my plan is to dig into whatever you need help with, jjohansen. 16:40 <sbeattie> That's pretty much it for me. tyhicks? 16:41 <tyhicks> I'll be working on apparmor this week 16:41 <tyhicks> my main focus will be to land the abstract socket mediation changes when they're ready 16:42 <tyhicks> I just finished building the latest kernel changes for utopic-amd64, goldfish-i386, and mako-armhf 16:42 <tyhicks> now I'll start making system policy changes 16:43 <tyhicks> while those kernels were building, I started modifying the unix_socket_file.sh regression test to add the ability to test abstract sockets 16:43 <tyhicks> I'll wrap that up and send it out sometime this week 16:43 <tyhicks> I also need to try to refresh the dbus merge (LP: #1320422) 16:43 <ubottu> Launchpad bug 1320422 in dbus (Ubuntu) "Please merge dbus 1.8.2-1 (main) from Debian testing (main)" [Low,Incomplete] https://launchpad.net/bugs/1320422 16:43 <tyhicks> and I need to prep for LSS next week 16:43 <tyhicks> that's it for me 16:43 <tyhicks> jjohansen: you're up 16:45 <mdeslaur> jjohansen: hello? 16:45 <jjohansen> I'm primarily working on landing the abstract socket mediation this week. I'll need to sync up with sbeattie and continue to fix the backend of the policy compiler 16:45 <jjohansen> hey mdeslaur 16:45 <mdeslaur> jjohansen: what's the status, is everything going along as you'd like? 16:46 <jjohansen> mdeslaur: not really, I figured out a large part of the issue was backend compiler work that I hadn't been planning on yet 16:47 <jjohansen> mdeslaur: so we are doing the shortest path update to that we can 16:47 <mdeslaur> ok 16:47 <mdeslaur> thanks 16:48 <jjohansen> I think that is it from me, sarnold you're up 16:48 <sarnold> I'm on triage this week; I've also got two MIRs, one already in flight but repeated pre-empted, the other not yet started 16:50 <sarnold> I'll review whatever patches john can come up with this week, too, and I am hoping that the filemanager PAM integration v2 might be ready for a review this week. (Though that's optimism on my part.) 16:50 <sarnold> that's it for me, chrisccoulson? 16:51 <chrisccoulson> I'm continuing to work through my RTM bugs this week (and I've potentially got one extra now - bug 1353453) 16:51 <ubottu> bug 1353453 in webbrowser-app "m.here.com doesn’t close authentication page after logging in" [High,Triaged] https://launchpad.net/bugs/1353453 16:51 <chrisccoulson> I've done the most important code reviews for oxide, although I've still got some left - those aren't seriously urgent 16:51 <chrisccoulson> and I've got one update to do this week too 16:51 <chrisccoulson> that's me done :) 16:52 <mdeslaur> anyone left? 16:52 <mdeslaur> guess not 16:53 <mdeslaur> [TOPIC] Highlighted packages 16:53 <mdeslaur> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:53 <mdeslaur> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:53 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/gallery.html 16:53 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-4.7-armhf-cross.html 16:53 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/inetutils.html 16:53 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/dhcpcd.html 16:53 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/xine-ui.html 16:53 <mdeslaur> [TOPIC] Miscellaneous and Questions 16:53 <mdeslaur> Does anyone have any other questions or items to discuss? 16:53 <mdeslaur> Thanks everyone! 16:53 <mdeslaur> #endmeeting