18:04:30 <jdstrand> #startmeeting
18:04:30 <meetingology> Meeting started Mon Dec 17 18:04:30 2012 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
18:04:34 <jdstrand> The meeting agenda can be found at:
18:04:35 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
18:04:39 <jdstrand> [TOPIC] Announcements
18:04:59 <jdstrand> thanks to Christian Kuersteiner (ckuerste), who provided a debdiff for lucid for pgbouncer (LP: #1083414)
18:05:01 <ubottu> Launchpad bug 1083414 in pgbouncer (Ubuntu Raring) "DoS-Vulnerability in pgbouncer" [Undecided,Fix released] https://launchpad.net/bugs/1083414
18:05:08 <jdstrand> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
18:05:13 <jdstrand> [TOPIC] Weekly stand-up report
18:05:17 <jdstrand> I'll go first
18:05:32 <jdstrand> I've got a short week this week-- off Thu and Fri
18:05:39 <jdstrand> I'm on community
18:06:23 <jdstrand> I plan to look at an old apport/apparmor hardening update
18:06:47 <jdstrand> I also hope to look at some audits and tick various things off my todo list
18:06:58 <jdstrand> mdeslaur: you're up
18:07:08 <mdeslaur> I'm in the happy place this week
18:07:14 <mdeslaur> I just published a few updates
18:07:25 <mdeslaur> and I plan on doing some merges
18:07:39 <mdeslaur> I have a short week as I'm off starting on thursday at noon
18:07:52 <mdeslaur> and I'll look at some other CVEs, time permitting
18:07:54 <mdeslaur> that's it from me
18:07:56 <mdeslaur> sbeattie: you're up
18:08:16 <sbeattie> I have a very short week this week, as I am on holiday starting tomorrow
18:08:47 <sbeattie> (I'll be available and sporadically checking irc/email)
18:09:08 <sbeattie> Otherwise, I'm continuing to work on apparmor display manager stuff
18:09:20 <sbeattie> that's it for me. micahg?
18:09:43 <mdeslaur> sbeattie: hehe, you must not have felt like getting up this morning :)
18:10:20 <micahg> I've got more webkit, patch piloting, and hopefully Chromium if qengho tracks down the issues he's working on
18:10:44 <micahg> that's it
18:11:22 <micahg> tyhicks: ping
18:11:31 <tyhicks> I'm working on an embargoed item
18:11:41 <tyhicks> I'll be working on the apparmor kernel policy interface work item, as well
18:12:15 <tyhicks> I should also take a look at the outstanding eCryptfs kernel patches sent to me recently since the kernel merge window will close this week
18:12:28 <tyhicks> I'm working all week
18:12:33 <tyhicks> that's it for me
18:12:35 <tyhicks> jjohansen: you're up
18:13:24 <doko> sarnold, fyi, the one issue that the gcc trunk build was broken with ssp is now fixed
18:13:40 <sarnold> doko: excellent, thank you :)
18:14:04 <jdstrand> jj isn't here
18:14:05 <doko> now reenabling again format security
18:14:10 <jdstrand> sarnold: you're up
18:14:15 <sbeattie> doko: \o/
18:14:18 <tyhicks> oh yeah, sorry
18:14:39 <sarnold> I'm on triage this week
18:14:42 <jdstrand> I think he is working on getting 2.8 alpha together and the base labeling patches done before the break
18:15:19 <jdstrand> (he should be here most of the week as well)
18:15:45 * jdstrand is done
18:15:51 <jdstrand> sarnold: sorry
18:16:30 <sarnold> I've been reading and re-reading the bugzilla report from dwmw2 and trying to re-create the problem on my laptop
18:16:44 <sarnold> I'd like to recreate the problem in a way that leads to reproducers that could be added to QRT
18:17:06 <jdstrand> sarnold: is that a gcc thing?
18:17:20 <sarnold> (dwmw2's configuration is _highly_ specific to his use, and isn't easy to recreate... I've found that the dnsmasq spawned by juju seems ideal at showing the problem...)
18:17:28 <jdstrand> ah, dnsmasq
18:17:33 <sarnold> jdstrand: ah, no, sorry, dnsmasq
18:18:47 <sarnold> I'm currently poking at using the 'dummy' interfaces because the ethernet aliases don't have the correct 'bind to interface' properties that a 'real' interface would have, and I want them separate from my physical interfaces...
18:19:47 <sarnold> I think I'm going to be using tcpdump, tcprewrite, and tcpreplay to fiddle with the packets, though I'm not 100% confident that tcpreplay will let me send to a 'wrong' ip for a given interface.
18:20:36 <sarnold> the patch itself is surprisingly small for the effort though; I feel like dnsmasq is important enough to get right to put in this time, but wouldn't mind being persuaded to just do the update.
18:20:57 <jdstrand> sarnold: hmm, you might check out scapy
18:21:04 <sbeattie> sarnold: hrm, is this something where testing in a multi-interfaced vm would make more sense?
18:21:24 <sarnold> sbeattie: ah, it could.
18:21:35 <mdeslaur> sarnold: you can look at the instructions for quagga for examples on multi-vm testing instructions
18:22:13 <sarnold> I was hoping to stick with dummy just so that it would be easier to put into qrt tests -- something that could be configured and run entirely on one host, you know?
18:22:19 <mdeslaur> sarnold: or isc-dhcp
18:22:29 <sarnold> mdeslaur: cool, thanks. :)
18:23:58 <jdstrand> sarnold: one host is definitely nice. there are some test scripts (libvirt, krb5, openldap (iirc)) that can be given an extra argument to connect to another server
18:24:12 <jdstrand> which is a totally acceptable fallback
18:25:02 <jdstrand> sarnold: do you have more to report?
18:25:25 <sarnold> jdstrand: no, that's it. thanks.
18:25:30 <jdstrand> [TOPIC] Highlighted packages
18:25:37 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so.
18:25:41 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
18:25:47 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ircd-ratbox.html
18:25:50 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/dracut.html
18:25:53 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/xymon.html
18:25:56 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libapache2-mod-auth-openid.html
18:26:01 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/pnp4nagios.html
18:26:11 <jdstrand> [TOPIC] Miscellaneous and Questions
18:26:16 <jdstrand> Does anyone have any other questions or items to discuss?
18:28:13 <jdstrand> mdeslaur, sbeattie, micahg, tyhicks, sarnold: thanks!
18:28:14 <jdstrand> #endmeeting