16:34:24 <jdstrand> #startmeeting
16:34:24 <meetingology> Meeting started Mon May  6 16:34:24 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:34:24 <meetingology> 
16:34:24 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:34:30 <jdstrand> The meeting agenda can be found at:
16:34:31 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:34:34 <jdstrand> [TOPIC] Announcements
16:34:41 <jdstrand> Evan Broder (broder) provided a debdiff for lucid for libapache-mod-security (LP: #1169030)
16:34:43 <ubottu> Launchpad bug 1169030 in modsecurity-apache (Ubuntu) "CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack" [Undecided,Triaged] https://launchpad.net/bugs/1169030
16:34:45 <jdstrand> Scott Kitterman (ScottK) provided a debdiff for hardy for clamav and new package for saucy (LP: #1172981)
16:34:47 <ubottu> Launchpad bug 1172981 in clamav (Ubuntu Hardy) "clamav 0.97.8 security update" [Undecided,Fix released] https://launchpad.net/bugs/1172981
16:34:48 <jdstrand> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:35:02 <jdstrand> [TOPIC] Weekly stand-up report
16:35:09 <jdstrand> I'll go first
16:35:34 <jdstrand> I'm in the happy place this week
16:35:51 <jdstrand> I've got openjdk-6 updates to finish testing and publish
16:36:24 <jdstrand> last week a very productive week, and I've got lots of notes to assimilate and things to follow-up on, so I'll be doing that quite a bit
16:36:38 <jdstrand> there is an embargoed issue I'm going to be looking at
16:37:12 <jdstrand> and patch piloting
16:37:23 <jdstrand> that's it from me. mdeslaur, you're up
16:37:28 <mdeslaur> I'm on triage this week
16:37:41 <mdeslaur> and I have a few updates in the sec ppa to test and hopefully release this week
16:37:54 <mdeslaur> that's it from me
16:37:56 <mdeslaur> sbeattie: you're up
16:38:07 <sbeattie> I'm working on apparmor stuff this week
16:38:55 <sbeattie> I'm currently finishing up a couple of carried over work items, the aa-easyprof templates for qml apps and html5 apps
16:39:51 <sbeattie> after that, I'll move on to modifying aa-easyprof to take a manifest file and emit policy
16:40:02 <sbeattie> That's pretty much it for me.
16:40:09 <sbeattie> tyhicks: you're up
16:40:35 <tyhicks> This week, I'm working on this blueprint: https://blueprints.launchpad.net/ubuntu/+spec/security-s-appisolation-dbus-performance
16:40:44 <tyhicks> I finshed my carryover work item last week
16:40:56 <tyhicks> I'm wrapping up "adjust policy language to better match the network rule style and use more appropriate dbus keywords"
16:41:20 <tyhicks> then I'll move on to the performance testing work items
16:41:42 <tyhicks> then chat w/ jj to determine the best route forward to improve performance (if needed) and start on those changes
16:41:46 <tyhicks> that's it for me
16:41:48 <tyhicks> jjohansen: you're up
16:42:30 <jjohansen> hi I'm am working on https://blueprints.launchpad.net/ubuntu/+spec/appdev-s-appisolation-signals-ipc-ptrace
16:43:18 <jjohansen> and doing a little prep for tomorrows apparmor meeting
16:44:09 <jjohansen> sarnold: your up
16:44:20 <sarnold> I'm on community this week
16:44:46 <sarnold> I'll be doing some patch review for john, and if steve or tyler have anything ready, that'd be fun too :)
16:45:16 <tyhicks> I have some stuff that I can send up this week
16:45:54 <sarnold> I may also look over some seccomp patches for upstart, that sounds like a good wayto reduce attack surfaces overall, and some of our time on it would probably eb worthwhile
16:45:59 <sarnold> tyhicks: woot :)
16:46:33 <sarnold> I think that's it for me, and I don't see steakbot^Wchrisccoulson, so jdstrand, your turn
16:46:57 <jdstrand> yeah, it is a UK holiday
16:47:17 <jdstrand> [TOPIC] Highlighted packages
16:47:22 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:47:26 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:47:34 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/php-htmlpurifier.html
16:47:38 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mpack.html
16:47:40 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gnash.html
16:47:44 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/geshi.html
16:47:49 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libpoe-component-pubsub-perl.html
16:47:57 <jdstrand> [TOPIC] Miscellaneous and Questions
16:48:00 <jdstrand> Does anyone have any other questions or items to discuss?
16:54:03 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold: thanks!
16:54:05 <jdstrand> #endmeeting