16:35 <tyhicks> #startmeeting 16:35 <meetingology> Meeting started Mon Jul 20 16:35:07 2015 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:35 <meetingology> 16:35 <meetingology> Available commands: action commands idea info link nick 16:35 <tyhicks> The meeting agenda can be found at: 16:35 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:35 <tyhicks> [TOPIC] Weekly stand-up report 16:35 <tyhicks> jdstrand: you're up 16:36 <jdstrand> hi! 16:37 <jdstrand> I've got an embargoed issue I am working on 16:37 <jdstrand> I also plan to pickup an openstack update this week 16:38 <jdstrand> I gathered up some ufw patches and will try to release 0.34 this week, time permitting 16:38 <jdstrand> I'll also look at trello and see what's up next 16:39 <jdstrand> m deslaur is out, sbeattie, you're up 16:39 <sbeattie> I'm on security bug triage this week. 16:40 <sbeattie> I've also got a preliminary apparmor 2.10 package for wily prepared and have done some local testing with, that I'm hoping to have sponsered later this week. 16:40 <tyhicks> nice :) 16:41 <sbeattie> I'm trying to find out what's up with upstream icedtea releases, as we need to prepare updates for openjdk 16:41 <sbeattie> I also have some arm64 and kernel 4.1 qrt test failures to track down. 16:42 <sbeattie> And I'm also trying to find time for gcc-pie. 16:42 <sbeattie> that's pretty much my week. tyhicks? 16:42 <tyhicks> sbeattie: did I understand correctly that you plan on doing openjdk updates this week? 16:43 <sbeattie> yes 16:44 <sbeattie> it's a bit contingent on seeing an upstream icedtea release. 16:44 <tyhicks> ok 16:45 <sbeattie> they announced a new 2.6.0 release, but nothing for older releases yet. 16:45 <tyhicks> sbeattie: that's a full week - put gcc-pie on the backburner and revisit it next week 16:45 <tyhicks> I'm on cve triage this week 16:46 <tyhicks> I'm working on several embargoed issues 16:46 <tyhicks> I still need to review the kdbus LSM hook patch set 16:46 <tyhicks> Verify kernel auditing bug fix in the phone images (LP: #1473584) 16:46 <ubottu> Launchpad bug 1473584 in linux-manta (Ubuntu Vivid) "AUDIT_USER_AVC messages are not printk'ed when auditd is not running" [Undecided,Fix committed] https://launchpad.net/bugs/1473584 16:46 <tyhicks> Investigate supportability of io.js 16:46 <tyhicks> that's it for me 16:46 <tyhicks> jjohansen: you're up 16:47 <jjohansen> I have an embargoed issue I am working on 16:47 <jjohansen> and then I am going to finish up the fix for bug #1448912 16:47 <ubottu> bug 1448912 in AppArmor "BUG: unable to handle kernel NULL pointer dereference (aa_label_merge)" [Medium,Confirmed] https://launchpad.net/bugs/1448912 16:48 <jjohansen> and get together a pull request for the kernel team, and patch series for upstream 16:50 <jjohansen> then if I am really lucky I'll look into overlayfs issues 16:51 <jjohansen> I think that is it from me, sarnold you are up 16:51 <sarnold> I'm in the happy place this week; I'm going to finish the ppc64-diag follow-on MIR audits today or tomorrow, and then I'll be free to pick up an update 16:51 <sarnold> that's it for me, chrisccoulson? 16:52 <chrisccoulson> I'm hoping to have a less crazy week this week - I plan to get Thunderbird 31.8.0 out today. Also, people have been asking why we're not updating to Thunderbird 38.1.0 yet (yeah, terrible version numbering), so I've opened bug 1476169 and plan to upload it to proposed 16:52 <ubottu> bug 1476169 in thunderbird (Ubuntu Vivid) "Update Thunderbird to 38.1.0" [Wishlist,Triaged] https://launchpad.net/bugs/1476169 16:53 <chrisccoulson> I'll also be preparing the next Oxide release 16:53 <chrisccoulson> Other than that, I've got a tonne of Oxide reviews to work through 16:53 <chrisccoulson> I think that's me done 16:56 <tyhicks> chrisccoulson: here's to a sane week in the browser security world :) 16:56 <tyhicks> thanks! 16:56 <tyhicks> [TOPIC] Highlighted packages 16:56 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:56 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:56 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/sssd.html 16:56 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/squidclamav.html 16:56 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ncpfs.html 16:56 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/nusoap.html 16:56 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/php-mail.html 16:56 <tyhicks> [TOPIC] Miscellaneous and Questions 16:56 <tyhicks> Does anyone have any other questions or items to discuss? 16:58 <tyhicks> jdstrand, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks! 16:58 <tyhicks> #endmeeting