#ubuntu-meeting log

16:35 <tyhicks> #startmeeting
16:35 <meetingology> Meeting started Mon Jul 20 16:35:07 2015 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:35 <meetingology> 
16:35 <meetingology> Available commands: action commands idea info link nick
16:35 <tyhicks> The meeting agenda can be found at:
16:35 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:35 <tyhicks> [TOPIC] Weekly stand-up report
16:35 <tyhicks> jdstrand: you're up
16:36 <jdstrand> hi!
16:37 <jdstrand> I've got an embargoed issue I am working on
16:37 <jdstrand> I also plan to pickup an openstack update this week
16:38 <jdstrand> I gathered up some ufw patches and will try to release 0.34 this week, time permitting
16:38 <jdstrand> I'll also look at trello and see what's up next
16:39 <jdstrand> m deslaur is out, sbeattie, you're up
16:39 <sbeattie> I'm on security bug triage this week.
16:40 <sbeattie> I've also got a preliminary apparmor 2.10 package for wily prepared and have done some local testing with, that I'm hoping to have sponsered later this week.
16:40 <tyhicks> nice :)
16:41 <sbeattie> I'm trying to find out what's up with upstream icedtea releases, as we need to prepare updates for openjdk
16:41 <sbeattie> I also have some arm64 and kernel 4.1 qrt test failures to track down.
16:42 <sbeattie> And I'm also trying to find time for gcc-pie.
16:42 <sbeattie> that's pretty much my week. tyhicks?
16:42 <tyhicks> sbeattie: did I understand correctly that you plan on doing openjdk updates this week?
16:43 <sbeattie> yes
16:44 <sbeattie> it's a bit contingent on seeing an upstream icedtea release.
16:44 <tyhicks> ok
16:45 <sbeattie> they announced a new 2.6.0 release, but nothing for older releases yet.
16:45 <tyhicks> sbeattie: that's a full week - put gcc-pie on the backburner and revisit it next week
16:45 <tyhicks> I'm on cve triage this week
16:46 <tyhicks> I'm working on several embargoed issues
16:46 <tyhicks> I still need to review the kdbus LSM hook patch set
16:46 <tyhicks> Verify kernel auditing bug fix in the phone images (LP: #1473584)
16:46 <ubottu> Launchpad bug 1473584 in linux-manta (Ubuntu Vivid) "AUDIT_USER_AVC messages are not printk'ed when auditd is not running" [Undecided,Fix committed] https://launchpad.net/bugs/1473584
16:46 <tyhicks> Investigate supportability of io.js
16:46 <tyhicks> that's it for me
16:46 <tyhicks> jjohansen: you're up
16:47 <jjohansen> I have an embargoed issue I am working on
16:47 <jjohansen> and then I am going to finish up the fix for bug #1448912
16:47 <ubottu> bug 1448912 in AppArmor "BUG: unable to handle kernel NULL pointer dereference (aa_label_merge)" [Medium,Confirmed] https://launchpad.net/bugs/1448912
16:48 <jjohansen> and get together a pull request for the kernel team, and patch series for upstream
16:50 <jjohansen> then if I am really lucky I'll look into overlayfs issues
16:51 <jjohansen> I think that is it from me, sarnold you are up
16:51 <sarnold> I'm in the happy place this week; I'm going to finish the ppc64-diag follow-on MIR audits today or tomorrow, and then I'll be free to pick up an update
16:51 <sarnold> that's it for me, chrisccoulson?
16:52 <chrisccoulson> I'm hoping to have a less crazy week this week - I plan to get Thunderbird 31.8.0 out today. Also, people have been asking why we're not updating to Thunderbird 38.1.0 yet (yeah, terrible version numbering), so I've opened bug 1476169 and plan to upload it to proposed
16:52 <ubottu> bug 1476169 in thunderbird (Ubuntu Vivid) "Update Thunderbird to 38.1.0" [Wishlist,Triaged] https://launchpad.net/bugs/1476169
16:53 <chrisccoulson> I'll also be preparing the next Oxide release
16:53 <chrisccoulson> Other than that, I've got a tonne of Oxide reviews to work through
16:53 <chrisccoulson> I think that's me done
16:56 <tyhicks> chrisccoulson: here's to a sane week in the browser security world :)
16:56 <tyhicks> thanks!
16:56 <tyhicks> [TOPIC] Highlighted packages
16:56 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:56 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:56 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/sssd.html
16:56 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/squidclamav.html
16:56 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ncpfs.html
16:56 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/nusoap.html
16:56 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/php-mail.html
16:56 <tyhicks> [TOPIC] Miscellaneous and Questions
16:56 <tyhicks> Does anyone have any other questions or items to discuss?
16:58 <tyhicks> jdstrand, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks!
16:58 <tyhicks> #endmeeting