16:34:24 #startmeeting 16:34:24 Meeting started Mon May 6 16:34:24 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:34:24 16:34:24 Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:34:30 The meeting agenda can be found at: 16:34:31 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:34:34 [TOPIC] Announcements 16:34:41 Evan Broder (broder) provided a debdiff for lucid for libapache-mod-security (LP: #1169030) 16:34:43 Launchpad bug 1169030 in modsecurity-apache (Ubuntu) "CVE 2013-1915: local files disclosure or resource exhaustion via XML External Entity attack" [Undecided,Triaged] https://launchpad.net/bugs/1169030 16:34:45 Scott Kitterman (ScottK) provided a debdiff for hardy for clamav and new package for saucy (LP: #1172981) 16:34:47 Launchpad bug 1172981 in clamav (Ubuntu Hardy) "clamav 0.97.8 security update" [Undecided,Fix released] https://launchpad.net/bugs/1172981 16:34:48 Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:35:02 [TOPIC] Weekly stand-up report 16:35:09 I'll go first 16:35:34 I'm in the happy place this week 16:35:51 I've got openjdk-6 updates to finish testing and publish 16:36:24 last week a very productive week, and I've got lots of notes to assimilate and things to follow-up on, so I'll be doing that quite a bit 16:36:38 there is an embargoed issue I'm going to be looking at 16:37:12 and patch piloting 16:37:23 that's it from me. mdeslaur, you're up 16:37:28 I'm on triage this week 16:37:41 and I have a few updates in the sec ppa to test and hopefully release this week 16:37:54 that's it from me 16:37:56 sbeattie: you're up 16:38:07 I'm working on apparmor stuff this week 16:38:55 I'm currently finishing up a couple of carried over work items, the aa-easyprof templates for qml apps and html5 apps 16:39:51 after that, I'll move on to modifying aa-easyprof to take a manifest file and emit policy 16:40:02 That's pretty much it for me. 16:40:09 tyhicks: you're up 16:40:35 This week, I'm working on this blueprint: https://blueprints.launchpad.net/ubuntu/+spec/security-s-appisolation-dbus-performance 16:40:44 I finshed my carryover work item last week 16:40:56 I'm wrapping up "adjust policy language to better match the network rule style and use more appropriate dbus keywords" 16:41:20 then I'll move on to the performance testing work items 16:41:42 then chat w/ jj to determine the best route forward to improve performance (if needed) and start on those changes 16:41:46 that's it for me 16:41:48 jjohansen: you're up 16:42:30 hi I'm am working on https://blueprints.launchpad.net/ubuntu/+spec/appdev-s-appisolation-signals-ipc-ptrace 16:43:18 and doing a little prep for tomorrows apparmor meeting 16:44:09 sarnold: your up 16:44:20 I'm on community this week 16:44:46 I'll be doing some patch review for john, and if steve or tyler have anything ready, that'd be fun too :) 16:45:16 I have some stuff that I can send up this week 16:45:54 I may also look over some seccomp patches for upstart, that sounds like a good wayto reduce attack surfaces overall, and some of our time on it would probably eb worthwhile 16:45:59 tyhicks: woot :) 16:46:33 I think that's it for me, and I don't see steakbot^Wchrisccoulson, so jdstrand, your turn 16:46:57 yeah, it is a UK holiday 16:47:17 [TOPIC] Highlighted packages 16:47:22 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:47:26 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:47:34 http://people.canonical.com/~ubuntu-security/cve/pkg/php-htmlpurifier.html 16:47:38 http://people.canonical.com/~ubuntu-security/cve/pkg/mpack.html 16:47:40 http://people.canonical.com/~ubuntu-security/cve/pkg/gnash.html 16:47:44 http://people.canonical.com/~ubuntu-security/cve/pkg/geshi.html 16:47:49 http://people.canonical.com/~ubuntu-security/cve/pkg/libpoe-component-pubsub-perl.html 16:47:57 [TOPIC] Miscellaneous and Questions 16:48:00 Does anyone have any other questions or items to discuss? 16:54:03 mdeslaur, sbeattie, tyhicks, jjohansen, sarnold: thanks! 16:54:05 #endmeeting