16:30 <tyhicks> #startmeeting
16:30 <meetingology> Meeting started Mon Feb  9 16:30:15 2015 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:30 <meetingology> 
16:30 <meetingology> Available commands: action commands idea info link nick
16:30 <tyhicks> The meeting agenda can be found at:
16:30 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:30 <tyhicks> [TOPIC] Announcements
16:30 <tyhicks> We have created a new role in our rotation schedule. "Triage" has been split into "CVE Triage" and "Bug Triage".
16:30 <tyhicks> Gianfranco Costamagna (LocutusOfBorg) provided debdiffs for precise-utopic for virtualbox (LP: #1413603)
16:30 <ubottu> Launchpad bug 1413603 in virtualbox (Ubuntu) "virtualbox multiple security vulnerabilities" [Undecided,Fix released] https://launchpad.net/bugs/1413603
16:30 <tyhicks> Otto Kekaelaeinen (otto) provided debdiffs for trusty and utopic for mariadb-5.5 (LP: #1414755)
16:30 <ubottu> Launchpad bug 1414755 in mariadb-5.5 (Ubuntu) "USN-2480-1: MySQL vulnerabilities partially also applies to MariaDB" [Undecided,Fix released] https://launchpad.net/bugs/1414755
16:30 <tyhicks> Thomas Ward (teward) provided a debdiff for utopic for wireshark (LP: #1418211)
16:31 <ubottu> Launchpad bug 1418211 in wireshark (Ubuntu Trusty) "[Security] Wireshark Vulnerabilities (February 2015)" [Medium,Confirmed] https://launchpad.net/bugs/1418211
16:31 <tyhicks> Joe Damato (ice799) provided a debdiff for precise for libfcgi (LP: #1418778)
16:31 <ubottu> Launchpad bug 1418778 in libfcgi (Ubuntu) "Stack smashing while using a lot of connections" [Medium,Fix released] https://launchpad.net/bugs/1418778
16:31 <tyhicks> Those four contributions are very much appreciated and will keep Ubuntu users secure. Great job! :)
16:31 <tyhicks> [TOPIC] Weekly stand-up report
16:31 <jdstrand> indeed-- lots of contributions. awesome! :)
16:31 <tyhicks> jdstrand: you're up
16:31 <tyhicks> yes, great contributions! :)
16:33 <jdstrand> this week I plan to work on helping define snappy hardware access
16:33 <jdstrand> and also picking up a bit on snappy fingerprint
16:33 <jdstrand> I'll also be working on an embargoed issue
16:34 <jdstrand> mdeslaur: you're up
16:35 <mdeslaur> I'm working on updates, as usual...ntp is going out today, and I have krb5 to test
16:35 <mdeslaur> that's it, sbeattie, you're up
16:35 <sbeattie> I'm jumping back in to the rotation, and am on Community this week.
16:36 <sbeattie> I'm testing my binutils update (finally!) and will release that today.
16:36 <sbeattie> After that, I'll jump back on gcc-pie-for-amd64.
16:37 <sbeattie> That's it for me; tyhicks, you're up.
16:37 <tyhicks> I'm jumping back in the rotation, as well
16:37 <tyhicks> I'm in the new bug triage role this week
16:38 <tyhicks> I need to fix some tools and close out a lot of invalid bug tasks
16:38 <tyhicks> I've finalized v4 of the dbus-daemon AppArmor mediation patch set and need to finish testing it and then attach the patches to the upstream bug
16:39 <tyhicks> I still haven't gotten to proposing v2 of the libapparmor API changes but need to do that ASAP
16:39 <tyhicks> I should be able to start on that this afternoon
16:40 <tyhicks> the patch update was put on the backburner last week since upstream drastically changed their fix for one of the CVEs
16:40 <tyhicks> it looks like their tree has settled down and that I should go back to fixing those issues in patch
16:40 <tyhicks> that's probably all that I'll get to this week
16:40 <tyhicks> jjohansen: you're up
16:43 <jjohansen> So it seems I have most of the stack from last week and a few more items as well. There is an apparmor meeting this week, with some discussion needed around the kernel interface context (mode values), the is any v2 libapparmor aa_features API discussion an review that hits, Casey's LSM stacking patch
16:44 <jjohansen> I still need to work on the second revision of the deleted socket mediation bug
16:44 <jjohansen> and of course continue with the kernel code cleanup
16:45 <jjohansen> I think that is it from me, sarnold you're up
16:47 <sarnold> I'm on CVE triage this week; I'm hoping to return to the horizon update and finally make forward progress there again, as well as get the hang of the serverstack cloud for testing openstack updates. there's also a backlog of MIRs outstanding, I may get to those during testing runs, if the testing runs happen :)
16:47 <sarnold> that's it for me, looks like no chris, tyhicks?
16:48 <jdstrand> I think chrisccoulson is here
16:48 <chrisccoulson> hi :)
16:48 <jdstrand> hi! :)
16:49 <chrisccoulson> This week, I'll be getting a new oxide release out and continuing with stuff in https://launchpad.net/oxide/+milestone/branch-1.6
16:49 <chrisccoulson> And that's about it :)
16:49 <sarnold> sorry chrisccoulson, not sure how my tab key and I failed :)
16:51 <tyhicks> [TOPIC] Highlighted packages
16:51 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:51 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:51 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/virtualbox-guest-additions-iso.html
16:51 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/rc.html
16:51 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libfpdi-php.html
16:51 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libapache-poi-java.html
16:51 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/cabextract.html
16:52 <tyhicks> [TOPIC] Miscellaneous and Questions
16:52 <tyhicks> Does anyone have any other questions or items to discuss?
16:54 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, chrisccoulson: thanks!
16:54 <tyhicks> #endmeeting