16:33 #startmeeting
16:33 Meeting started Mon Jun 3 16:33:08 2013 UTC. The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:33 Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:33 chrisccoulson: wake up
16:33 hi :)
16:33 The meeting agenda can be found at:
16:33 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:33 [TOPIC] Announcements
16:33 Thanks to Christian Kuersteiner (ckuerste) who provided debdiffs for precise-raring for xmp (LP: #1182769)
16:33 Thanks to Christian Kuersteiner (ckuerste) who provided debdiffs for quantal for tomcat6 (LP: #1166649)
16:33 Thanks to Thomas Ward (teward) who provided debdiffs for precise-raring for nginx (LP: #1182586)
16:33 Thanks to Rohan Garg (rohangarg) who provided debdiffs for precise-raring for kde4libs (LP: #1178286)
16:33 Launchpad bug 1182769 in xmp (Ubuntu) "Buffer Overflow in MASI loader" [Undecided,Fix released] https://launchpad.net/bugs/1182769
16:33 Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:33 Launchpad bug 1166649 in tomcat6 (Ubuntu Saucy) "Multiple open vulnerabilities in tomcat6 in quantal" [Undecided,Fix released] https://launchpad.net/bugs/1166649
16:33 Launchpad bug 1182586 in nginx (Ubuntu Raring) "CVE-2013-2070: nginx proxy_pass buffer overflow vulnerability" [Medium,Fix released] https://launchpad.net/bugs/1182586
16:33 Launchpad bug 1178286 in kdelibs "Security advisory from KDE upstream" [Medium,Fix released] https://launchpad.net/bugs/1178286
16:33 * mdeslaur slaps ubotty
16:34 [TOPIC] Weekly stand-up report
16:34 I'll go first
16:34 I'll be testing the zillion X updates this week
16:34 and that's about it
16:34 I'm on community too
16:34 sbeattie: you're up
16:34 I'm focusing on apparmor stuff again this week
16:35 Specifically https://blueprints.launchpad.net/ubuntu/+spec/security-s-appisolation-sdk
16:35 I'm currently hacking on the aa-easyprof bits
16:35 that's pretty much it for me.
16:35 tyhicks: you're up
16:35 I'm working on https://blueprints.launchpad.net/ubuntu/+spec/security-s-appisolation-dbus
16:36 This week, I plan on having all of the work items done except for the items related to pushing everything to the archive
16:36 There's also some minor cleanup and finishing touch type stuff that I'll end up doing to the dbus and apparmor patches
16:36 That's it for me
16:36 jjohansen: you're up
16:37 I'm focused on apparmor stuff as well
16:38 I'm still poking around for the correct bp so I'll just skip pasting that and say, it's the continuation of the ipc work
16:38 jjohansen: I have "signals and bits for IPC" and "extended conditionals" in last week's meeting log
16:38 jjohansen: is it a continuation of that?
16:39 mdeslaur: yep
16:39 cool
16:40 that and I'll get the latest patchset out for more review
16:40 sarnold: you're up
16:40 I'm on triage this week
16:40 I'll also be poking at trying to unbreak the bouncycastle test suite, or steal portions of it, for QRT
16:41 sarnold: what's the status of your openssl updates?
16:41 I'm not sure why I've been met with such failure trying to use the test suite, but I presume it's partly my fault for not 100% grokking modern java
16:42 mdeslaur: at least saucy will need re-doing, I think there's a new version pushed into the archive in the meantime; I also need to ask your help in preparing updates for security-proposed or something to get testers first..
16:42 .. at least, I think I'd really rather have feedback from users before pushing it to everyone
16:42 granted, fedora's been using it for a few months, but perhaps their knowledge of what broke isn't logged in their bug report. :)
16:42 sarnold: is it in the PPA yet?
16:42 mdeslaur: no
16:43 sarnold: ok, please create a tracking bug, and make sure the bug # is in the changelog before uploading
16:43 mdeslaur: okay
16:43 sarnold: so people know where to go if there's an issue in -proposed
16:43 mdeslaur: do I then just upload to the usual ppa once that's done?
16:44 sarnold: yes, as -security, and then we'll get an AA to pocket-copy it to -proposed
16:44 (perhaps I can already do that, need to check)
16:44 mdeslaur: cool, thanks :)
16:44 sarnold: you done?
16:45 mdeslaur: how much time do you think I should spend on trying to revive the bouncy castle tests before writing a handful of much less comprehensive tests myself?
16:45 sarnold: half a day?
16:45 * mdeslaur shrugs
16:45 mdeslaur: cool, thanks. now done :)
16:45 chrisccoulson: you're up :)
16:46 chrisccoulson: dude, wake up
16:46 mdeslaur: he's gotta finish his beer first.
16:47 ok, I'll mark down "web-y browser thingies"
16:48 [TOPIC] Highlighted packages
16:48 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:48 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/bip.html
16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/openswan.html
16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/exif.html
16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/ibm-3270.html
16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/php-mail.html
16:48 oops, sorry, was just finishing up dinner ;)
16:48 chrisccoulson: hrm, sorry about the meeting being so late for you
16:48 that's ok
16:49 chrisccoulson: maybe we should get you to go first next time
16:49 chrisccoulson: what are you working on this week?
16:50 this week, i'm still working on client-1303-webkit-maintenance. i've been fleshing out architecture diagrams for the last few days. hopefully they'll be in a good enough state for me to make public on google docs this week
16:50 cool
16:50 and then we'll have a good idea of what work needs to happen :)
16:51 awesome
16:51 chrisccoulson: done?
16:52 mdeslaur, yeah. there aren't any updates planned this week :)
16:52 oh, good
16:52 [TOPIC] Miscellaneous and Questions
16:52 Does anyone have any other questions or items to discuss?
16:53 Thanks everyone!
16:53 #endmeeting