16:36 #startmeeting 16:36 Meeting started Mon Aug 5 16:36:34 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:36 16:36 Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:36 The meeting agenda can be found at: 16:36 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:36 [TOPIC] Announcements 16:36 Benjamin Drung (bdrung) provided updates for precise-raring for vlc (LP: 1186780) Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:36 Launchpad bug 1186780 in vlc (Ubuntu Raring) "Please update VLC (for security issues)" [Undecided,Fix released] https://launchpad.net/bugs/1186780 16:37 [TOPIC] Weekly stand-up report 16:37 I'll go first 16:37 I'm on community this week 16:37 I have some embargoed updates 16:38 patch piloting for august 16:38 and various audits 16:38 tyhicks: you're up 16:39 I'll have a little sync up with jj, when he returns, and then I'll upload apparmor and dbus with DBus mediation support 16:39 there's one known bug in dbus mediation and eavesdropping 16:39 I'll fix that this week 16:39 (but it isn't a blocker for uploading) 16:40 I'll focus on my content hub work items this week 16:40 I think that's it 16:40 sarnold: you're up 16:41 I'm in the happy place this week, so it'll be more MIR audits and apparmor patch reviews (thanks tyhicks :) 16:41 Oh yeah, I think there's a couple remaining (small) patches that need to be forwarded to the list 16:41 I'll dig those out 16:42 I'm also likely to spend more time on the dnsmasq-resolvconf-confetti bomb, that hting makes such a mess over all my VMs. 16:43 currently, hard-coded IPs in /etc/hosts are mostly serving, but after the -27 kernel ate some of my VM images, I had to bring up some of the VMs again multiple times to get different IPs for them. what a pain. 16:43 sarnold: I think some of that may be a one time sorta thing 16:43 jdstrand: yeah, I'm hopeful to keep it that way. :) 16:44 I think that's me, chrisccoulson, your turn :) 16:44 hi 16:44 sarnold: eg, maybe just start over-- clean our /etc/hosts of the static ones, then start each vm, one at a time, and ssh-keygen -R as needed until at the end you have all of them with new ip addresses 16:44 sarnold: we can talk more elasewhere if you want 16:44 s/elasewhere/elsewhere/ 16:44 so, this week is going to be a fun week. it's firefox and thunderbird release day tomorrow, so i'm currently working on that 16:44 \o/ 16:45 i've also been working on adding greasemonkey style user script support to oxide, which i plan to use for the unit tests (and which will probably form the basis of webapps) 16:45 chrisccoulson: was there anything for them coming out of blackhat/defcon? 16:45 jdstrand, not that i'm aware of 16:45 good for them :) 16:46 i shall get chromium out this week as well 16:47 and i've got a meeting about the UA string for the mobile browser 16:47 i think that's me done 16:47 jdstrand: the only thing I saw come out of blackhat for the browsers was "hey javascript lets you do a lot of amazing things, and advertising networks make it easy to rent time in a few million browsers..." 16:48 chrisccoulson: there may be some more oxide discussions too-- I plan on poking at the thread 16:48 sarnold: neat. I look forward to hearing from mdeslaur and sbeattie when they get back :) 16:48 jdstrand: me too :) 16:48 [TOPIC] Highlighted packages 16:49 http://people.canonical.com/~ubuntu-security/cve/pkg/batmand.html 16:49 http://people.canonical.com/~ubuntu-security/cve/pkg/aria2.html 16:49 http://people.canonical.com/~ubuntu-security/cve/pkg/unbound.html 16:49 http://people.canonical.com/~ubuntu-security/cve/pkg/squidclamav.html 16:49 http://people.canonical.com/~ubuntu-security/cve/pkg/policycoreutils.html 16:49 The highlighted packages for this week are ^ 16:49 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/Securi 16:49 [TOPIC] Miscellaneous and Questions 16:49 Does anyone have any other questions or items to discuss? 16:55 tyhicks, sarnold, chrisccoulson: thanks! 16:55 #endmeeting