17:08 <tyhicks> #startmeeting 17:08 <meetingology> Meeting started Mon Jan 26 17:08:42 2015 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 17:08 <meetingology> 17:08 <meetingology> Available commands: action commands idea info link nick 17:08 <jdstrand> hi! :) 17:08 <tyhicks> The meeting agenda can be found at: 17:09 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 17:09 <tyhicks> [TOPIC] Weekly stand-up report 17:09 <tyhicks> jdstrand: you're up 17:12 <jdstrand> today I am in the happy place 17:12 <jdstrand> err, this week 17:12 <jdstrand> today I am helping people address some phone bugs 17:13 <jdstrand> hopefully I'll be done with that soon, and I will be working on some snappy designs and planning 17:13 <jdstrand> I'm also working on an embargoed issue 17:13 <jdstrand> that's it from me 17:13 <jdstrand> mdeslaur: you're up 17:14 <mdeslaur> I'm on triage this week 17:14 <mdeslaur> I just published some updates 17:14 <mdeslaur> and plan on working on some more 17:14 <mdeslaur> that's about it from me, sbeattie, you're up 17:15 <sbeattie> I have an embargoed issue that I need to finish testing, and am also working on a binutils update. 17:15 <sbeattie> I need to get back on the gcc pie stuff (was looking at HJ Lu's upstream patches) 17:16 <sbeattie> And I think I have some apparmor review work outstanding. 17:16 <sbeattie> That's it for me. tyhicks, you're it. 17:16 <tyhicks> sbeattie: do you think you'll get to the gcc pie stuff with the reactive work you have planned? 17:16 <sbeattie> tyhicks: yes, I think so. 17:16 <tyhicks> good 17:17 <tyhicks> I'm focusing on bug #1362469 today 17:17 <ubottu> bug 1362469 in dbus (Ubuntu) "AppArmor unrequested reply protection generates unallowable denials" [Medium,In progress] https://launchpad.net/bugs/1362469 17:17 <tyhicks> it will probably take 2 or 3 days out of my week 17:18 <tyhicks> I also need to propose a new API for the libapparmor aa_features interface after talking with jj and others in #apparmor 17:18 <tyhicks> I have taken the security updates for patch 17:18 <tyhicks> but I plan on waiting for some of the dust to settle there 17:19 <tyhicks> there are pending CVE assignments on oss-security 17:19 * jdstrand forgot to mention he'd work on openjdk security updates 17:19 <tyhicks> and then I will transition to User Data Encryption work items but that'll be late this week at best 17:19 <tyhicks> that's it for me 17:19 <tyhicks> jj is away today 17:20 <tyhicks> so it is sarnold's turn 17:20 <sarnold> I'm on community this week; it's a short week for me, off thursday and friday 17:20 <sarnold> I'm working on a horizon security update that appears to require more backporting effort to precise than is usual for me, though I suspect it's business as usual for openstack updates 17:21 <sarnold> so wihle I will probably have trusty-and-newer updates ready to go before I leave, probably not trusty. 17:21 <sarnold> s/probably not trusty/probably not precise/ 17:21 <sarnold> that's it for me, chrisccoulson? 17:22 <chrisccoulson> I'm hoping for no flash updates this week :) 17:22 <mdeslaur> hehe 17:22 <tyhicks> :) 17:22 <chrisccoulson> There will be a firefox update to address a couple of regressions, in particular, https://bugzilla.mozilla.org/show_bug.cgi?id=1122445 17:22 <ubottu> Mozilla bug 1122445 in DOM: Security "CSP change in behavior regards case sensitivity loading resources" [Major,Resolved: fixed] 17:22 <chrisccoulson> I'm also planning to get oxide 1.4 out (today, hopefully) 17:23 <chrisccoulson> and then I'll be making a start on https://launchpad.net/oxide/+milestone/branch-1.6 17:24 <tyhicks> chrisccoulson: does 1.4 contain the media-hub bits? 17:24 <chrisccoulson> I think that's me done 17:24 <chrisccoulson> tyhicks, it doesn't - that's in 1.5 17:24 <tyhicks> ack 17:24 <tyhicks> [TOPIC] Highlighted packages 17:24 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:25 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:25 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/eet.html 17:25 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/batmand.html 17:26 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/heirloom-mailx.html 17:26 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gksu-polkit.html 17:26 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libcgi-pm-perl.html 17:26 <tyhicks> [TOPIC] Miscellaneous and Questions 17:26 <tyhicks> Does anyone have any other questions or items to discuss? 17:28 <tyhicks> jdstrand, mdeslaur, sbeattie, sarnold, chrisccoulson: Thanks! 17:28 <tyhicks> #endmeeting