17:02 <jdstrand> #startmeeting 17:02 <meetingology> Meeting started Mon Jan 5 17:02:24 2015 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 17:02 <meetingology> 17:02 <meetingology> Available commands: action commands idea info link nick 17:02 <jdstrand> The meeting agenda can be found at: 17:02 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 17:02 <jdstrand> [TOPIC] Weekly stand-up report 17:02 <jdstrand> actually, I skipped something 17:02 <jdstrand> [TOPIC] Announcements 17:03 <jdstrand> Thomas Ward (teward) provided an update for utopic for wireshark (LP: #1397091) Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 17:03 <ubottu> Launchpad bug 1397091 in wireshark (Ubuntu Trusty) "[Security] Update Wireshark in Precise, Trusty, and Utopic to include relevant security patches." [High,In progress] https://launchpad.net/bugs/1397091 17:03 <jdstrand> [TOPIC] Weekly stand-up report 17:03 <jdstrand> I'll go first 17:03 <jdstrand> I'm in the happy place this week 17:03 <jdstrand> I'm catching up on a few things 17:04 <jdstrand> I have several snappy tasks to attend to this week, the first being some seccomp investigations 17:05 <jdstrand> I'm going to be pulling people in for discussions, reviews, etc over the coming few weeks to make sure everything is sound and make sense 17:06 <jdstrand> I've got two pending issues I'm working on: mercurial and glance. mercurial is community supported though, but if people had tips for getting the trusty testsuite to pass (a no change rebuild fails in tghave), feel free to contact me in #ubuntu-hardened 17:06 <jdstrand> I'll figure it out eventually, but it'll go out faster if I get help from the community 17:07 <jdstrand> mdeslaur: you're up 17:07 <mdeslaur> I'm on triage this week 17:07 <mdeslaur> and tomorrow I'm on patch piloting 17:08 <mdeslaur> We have a backlog of about 50 packages that need security updates, so I'll be working on that 17:08 <mdeslaur> that's it from me, sbeattie, you're up 17:08 <sbeattie> I've got a variety of things on my plate this week: 17:09 <sbeattie> I need to get back to the compiler pie-on-amd64 stuff: I've discovered it breaks dkms compilation for some reason 17:09 <sbeattie> I'll try to pick up one or two of the outstanding updates 17:10 <sbeattie> I was also working on updating vivid's apparmor to the upstream 2.9.1 release, and discovered that lp: #1407437 is an upstream issue 17:10 <ubottu> Launchpad bug 1407437 in apparmor (Ubuntu) "aa-enforce fails with ImportError: No module named rule.capability" [Undecided,New] https://launchpad.net/bugs/1407437 17:11 <sbeattie> That's pretty much it for me. 17:11 <sbeattie> tyhicks is not here, so sarnold? 17:11 <sarnold> I'm on community this week 17:12 <sarnold> I'll be catching up on two weeks of unread email and probably helping out with updates 17:13 <sarnold> I believe there's also a huge backlog of apparmor patches, but that'll probably only be short-and-easy patches reviewed initially 17:13 <sarnold> that's it for me, chrisccoulson? 17:13 <chrisccoulson> This week, I need to fix bug 1398174 17:13 <ubottu> bug 1398174 in firefox (Ubuntu) "Move search provider defaults from Ubufox to Firefox" [Critical,Triaged] https://launchpad.net/bugs/1398174 17:14 <chrisccoulson> I'll also be working on bug 1337506, and working through Oxide reviews 17:14 <ubottu> bug 1337506 in Oxide "FATAL:texture_manager.cc(76)] Check failed: texture_count_ == 0u (1 vs. 0)" [High,In progress] https://launchpad.net/bugs/1337506 17:14 <chrisccoulson> And I finally managed to land http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/901 at the weekend :) 17:14 <chrisccoulson> that's me done 17:15 <jdstrand> chrisccoulson: for 1337506, is that an oxide crasher? 17:15 <chrisccoulson> It is 17:15 <jdstrand> chrisccoulson: do you have a feel for how often it happens? I occasionally see webbrowser-app crash and was curious 17:16 <chrisccoulson> It's only a shutdown crash, but it's a symptom of a bigger issue 17:16 <jdstrand> re LocationBarController API> cool! :) 17:16 <jdstrand> chrisccoulson: ack 17:16 <jdstrand> also, what prompted the fix for 1398174? 17:17 <chrisccoulson> This is related to the change in default search engine 17:18 <jdstrand> chrisccoulson: I guess I was really asking: is ubufox going away and if so, why? 17:18 <chrisccoulson> It's not going away, but it won't define the default search engines anymore 17:20 <jdstrand> [TOPIC] Highlighted packages 17:20 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:20 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:20 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/oath-toolkit.html 17:20 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-4.9-ppc64el-cross.html 17:20 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/merkaartor.html 17:20 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libplack-perl.html 17:20 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/texmacs.html 17:21 <jdstrand> [TOPIC] Miscellaneous and Questions 17:21 <jdstrand> Does anyone have any other questions or items to discuss? 17:21 <teward> *raises hand* 17:21 <jdstrand> teward: hi, go ahead 17:21 <teward> jdstrand: thanks for the acknowledge on the wireshark updates - on that note, work has stalled on the other versions, the community is welcome to start picking up on that. 17:22 <teward> new upload to Vivid for nginx has effectively mitigated POODLE out of the box - this was an issue on my radar for some time and has effectively been mititgated as of last week out of the box thanks to Debian changes. 17:22 <teward> /done 17:22 <jdstrand> re nginx> oh, neat :) 17:23 <teward> jdstrand: yeah, i thought so, it's handled at the nginx.conf (nginx-instance-wide) level instead of at the site config level, which is why i say it effectively mitigates POODLE 17:23 <teward> definitely a plus :) 17:24 <teward> since nginx-core is in main, i thought it relevant to mention. all done here. 17:30 <jdstrand> mdeslaur, sbeattie, sarnold, chrisccoulson, teward: thanks 17:30 <jdstrand> #endmeeting