16:30 <tyhicks> #startmeeting 16:30 <meetingology> Meeting started Mon Feb 9 16:30:15 2015 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:30 <meetingology> 16:30 <meetingology> Available commands: action commands idea info link nick 16:30 <tyhicks> The meeting agenda can be found at: 16:30 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:30 <tyhicks> [TOPIC] Announcements 16:30 <tyhicks> We have created a new role in our rotation schedule. "Triage" has been split into "CVE Triage" and "Bug Triage". 16:30 <tyhicks> Gianfranco Costamagna (LocutusOfBorg) provided debdiffs for precise-utopic for virtualbox (LP: #1413603) 16:30 <ubottu> Launchpad bug 1413603 in virtualbox (Ubuntu) "virtualbox multiple security vulnerabilities" [Undecided,Fix released] https://launchpad.net/bugs/1413603 16:30 <tyhicks> Otto Kekaelaeinen (otto) provided debdiffs for trusty and utopic for mariadb-5.5 (LP: #1414755) 16:30 <ubottu> Launchpad bug 1414755 in mariadb-5.5 (Ubuntu) "USN-2480-1: MySQL vulnerabilities partially also applies to MariaDB" [Undecided,Fix released] https://launchpad.net/bugs/1414755 16:30 <tyhicks> Thomas Ward (teward) provided a debdiff for utopic for wireshark (LP: #1418211) 16:31 <ubottu> Launchpad bug 1418211 in wireshark (Ubuntu Trusty) "[Security] Wireshark Vulnerabilities (February 2015)" [Medium,Confirmed] https://launchpad.net/bugs/1418211 16:31 <tyhicks> Joe Damato (ice799) provided a debdiff for precise for libfcgi (LP: #1418778) 16:31 <ubottu> Launchpad bug 1418778 in libfcgi (Ubuntu) "Stack smashing while using a lot of connections" [Medium,Fix released] https://launchpad.net/bugs/1418778 16:31 <tyhicks> Those four contributions are very much appreciated and will keep Ubuntu users secure. Great job! :) 16:31 <tyhicks> [TOPIC] Weekly stand-up report 16:31 <jdstrand> indeed-- lots of contributions. awesome! :) 16:31 <tyhicks> jdstrand: you're up 16:31 <tyhicks> yes, great contributions! :) 16:33 <jdstrand> this week I plan to work on helping define snappy hardware access 16:33 <jdstrand> and also picking up a bit on snappy fingerprint 16:33 <jdstrand> I'll also be working on an embargoed issue 16:34 <jdstrand> mdeslaur: you're up 16:35 <mdeslaur> I'm working on updates, as usual...ntp is going out today, and I have krb5 to test 16:35 <mdeslaur> that's it, sbeattie, you're up 16:35 <sbeattie> I'm jumping back in to the rotation, and am on Community this week. 16:36 <sbeattie> I'm testing my binutils update (finally!) and will release that today. 16:36 <sbeattie> After that, I'll jump back on gcc-pie-for-amd64. 16:37 <sbeattie> That's it for me; tyhicks, you're up. 16:37 <tyhicks> I'm jumping back in the rotation, as well 16:37 <tyhicks> I'm in the new bug triage role this week 16:38 <tyhicks> I need to fix some tools and close out a lot of invalid bug tasks 16:38 <tyhicks> I've finalized v4 of the dbus-daemon AppArmor mediation patch set and need to finish testing it and then attach the patches to the upstream bug 16:39 <tyhicks> I still haven't gotten to proposing v2 of the libapparmor API changes but need to do that ASAP 16:39 <tyhicks> I should be able to start on that this afternoon 16:40 <tyhicks> the patch update was put on the backburner last week since upstream drastically changed their fix for one of the CVEs 16:40 <tyhicks> it looks like their tree has settled down and that I should go back to fixing those issues in patch 16:40 <tyhicks> that's probably all that I'll get to this week 16:40 <tyhicks> jjohansen: you're up 16:43 <jjohansen> So it seems I have most of the stack from last week and a few more items as well. There is an apparmor meeting this week, with some discussion needed around the kernel interface context (mode values), the is any v2 libapparmor aa_features API discussion an review that hits, Casey's LSM stacking patch 16:44 <jjohansen> I still need to work on the second revision of the deleted socket mediation bug 16:44 <jjohansen> and of course continue with the kernel code cleanup 16:45 <jjohansen> I think that is it from me, sarnold you're up 16:47 <sarnold> I'm on CVE triage this week; I'm hoping to return to the horizon update and finally make forward progress there again, as well as get the hang of the serverstack cloud for testing openstack updates. there's also a backlog of MIRs outstanding, I may get to those during testing runs, if the testing runs happen :) 16:47 <sarnold> that's it for me, looks like no chris, tyhicks? 16:48 <jdstrand> I think chrisccoulson is here 16:48 <chrisccoulson> hi :) 16:48 <jdstrand> hi! :) 16:49 <chrisccoulson> This week, I'll be getting a new oxide release out and continuing with stuff in https://launchpad.net/oxide/+milestone/branch-1.6 16:49 <chrisccoulson> And that's about it :) 16:49 <sarnold> sorry chrisccoulson, not sure how my tab key and I failed :) 16:51 <tyhicks> [TOPIC] Highlighted packages 16:51 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:51 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:51 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/virtualbox-guest-additions-iso.html 16:51 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/rc.html 16:51 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libfpdi-php.html 16:51 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libapache-poi-java.html 16:51 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/cabextract.html 16:52 <tyhicks> [TOPIC] Miscellaneous and Questions 16:52 <tyhicks> Does anyone have any other questions or items to discuss? 16:54 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, chrisccoulson: thanks! 16:54 <tyhicks> #endmeeting