16:31 <tyhicks> #startmeeting 16:31 <meetingology> Meeting started Mon Aug 3 16:31:45 2015 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:31 <meetingology> 16:31 <meetingology> Available commands: action commands idea info link nick 16:31 <mdeslaur> \o 16:32 <tyhicks> The meeting agenda can be found at: 16:32 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:32 <tyhicks> [TOPIC] Announcements 16:32 <tyhicks> Seyeong Kim (xtrusia) provided debdiffs for trusty-wily for pcre3 (LP: #1396768) 16:32 <ubottu> Launchpad bug 1396768 in pcre3 (Ubuntu Vivid) "pcre3 vulnerability CVE-2014, 2015" [Undecided,Fix released] https://launchpad.net/bugs/1396768 16:32 <tyhicks> Your contributions are greatly appreciated! :) 16:32 <tyhicks> [TOPIC] Weekly stand-up report 16:32 <tyhicks> mdeslaur: you're up 16:32 <mdeslaur> I'm out all week as I'm going to a conference 16:33 <mdeslaur> today I'm preparing my travel laptop 16:33 <mdeslaur> that's it from me, sbeattie, you're up 16:33 <sbeattie> I'm taking cve triage for mdeslaur this week, since he's gone and I'll be at a conference next week, when it would be my turn. 16:34 <sbeattie> I'm testing my fix to the apparmor 2.10 regression that prevented it from migrating to wily from proposed 16:34 <sbeattie> I've also got openjdk-6 on my plate this week 16:35 <sbeattie> That's pretty much my priorities for this week. tyhicks, you're up. 16:36 <tyhicks> I'm on community this week 16:36 <tyhicks> I have a couple designs to work on 16:38 <tyhicks> I have an embargoed issue 16:39 <tyhicks> I need to drum up someone to verify the fix for bug #1473584 16:39 <ubottu> bug 1473584 in linux-manta (Ubuntu Vivid) "AUDIT_USER_AVC messages are not printk'ed when auditd is not running" [Undecided,Fix committed] https://launchpad.net/bugs/1473584 16:39 <tyhicks> I think jjohansen is going to help me there if he has a chance 16:39 <jjohansen> sure 16:40 <tyhicks> and I need to finish the fix for a stale dcache issue in eCryptfs reported on Friday 16:40 <tyhicks> shouldn't be much work left there 16:40 <tyhicks> that's it for me 16:40 <tyhicks> jjohansen: you're up 16:40 <jjohansen> I need to finish investigating bind mount issue with apparmor lxd in snappy 16:40 <jjohansen> look into secure exec around the 4.2 rebase of apparmor 16:40 <jjohansen> send some apparmor patches upstream for 4.3 16:40 <jjohansen> still need to finish reviewing the dconf userspace patches 16:40 <jjohansen> continue working on the fix for bug #1448912 16:40 <ubottu> bug 1448912 in AppArmor "BUG: unable to handle kernel NULL pointer dereference (aa_label_merge)" [Medium,Confirmed] https://launchpad.net/bugs/1448912 16:41 <jjohansen> thats it for me sarnold you're up 16:41 <sarnold> I'm on bug triage this week 16:42 <sarnold> I need to have a conversation with till about testing ippusbxd, when doing the mir I wondered if it was working as advertised, and realized that we can't really test this thing end-to-end like we do with most packages 16:43 <sarnold> most of the work with the mir is done, it'd just be useful to have an irc chat with till, rather than back-and-forth over bugmail. oh well, it'll work either way.. 16:44 <sarnold> I suspect I'll pick up more MIRs this week, though may do reactive work if needed 16:44 <tyhicks> sarnold: he should be catchable over irc 16:44 <sarnold> and might do an apparmor review or two for a change of pace 16:44 <sarnold> tyhicks: yeah, I suspect summertime has just made it less likely for us to see each other 16:44 * tyhicks nods 16:44 <tyhicks> sarnold: would you be able to publish the openstack updates today? 16:44 <sarnold> tyhicks: sure 16:45 <tyhicks> sarnold: that'll be a huge help - thanks! 16:45 <tyhicks> sarnold: we can sync up afterwards 16:45 <sarnold> it'll feel great have those moving :) 16:45 <tyhicks> Chris is likely having connectivity issues 16:45 <tyhicks> yes 16:45 <tyhicks> I think we're done with stand-up reports 16:45 <tyhicks> [TOPIC] Highlighted packages 16:46 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:46 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:46 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/xorg-server-lts-utopic.html 16:46 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/lft.html 16:46 <tyhicks> [TOPIC] Miscellaneous and Questions 16:46 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libspoon-perl.html 16:46 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libdancer-perl.html 16:46 <tyhicks> Does anyone have any other questions or items to discuss? 16:46 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/lwipv6.html 16:48 <tyhicks> mdeslaur, sbeattie, jjohansen, sarnold: Thanks! 16:48 <tyhicks> #endmeeting