16:36 #startmeeting 16:36 Meeting started Mon Aug 11 16:36:30 2014 UTC. The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:36 16:36 Available commands: action commands idea info link nick 16:36 The meeting agenda can be found at: 16:36 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:36 [TOPIC] Announcements 16:36 Thanks to the following people for their help on security updates for these community supported packages last week: 16:36 Jonathan Riddell (Riddell) provided a debdiff for trusty for krfb (LP: #1352421) 16:36 Scott Kitterman (ScottK) provided a debdiff for trusty for reportbug (LP: #1353046) 16:36 James Page (jamespage) provided packages for trusty for mysql-5.6 (LP: #1330168) 16:36 Reinhard Tartler (siretart) provided a package for trusty for libav (LP: #1354755) 16:36 Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:36 Launchpad bug 1352421 in krfb (Ubuntu Utopic) "possible denial of service or code execution via integer overflow" [Undecided,Fix released] https://launchpad.net/bugs/1352421 16:36 Launchpad bug 1353046 in reportbug (Ubuntu Lucid) "arbitrary code execution in compare_versions" [Undecided,Confirmed] https://launchpad.net/bugs/1353046 16:37 Launchpad bug 1330168 in mysql-5.6 (Ubuntu Utopic) "Please update to 5.6.19" [High,Fix committed] https://launchpad.net/bugs/1330168 16:37 Launchpad bug 1354755 in libav (Ubuntu Trusty) "Libav security fixes Aug 2014" [High,In progress] https://launchpad.net/bugs/1354755 16:37 ubottu: shut up 16:37 \o/ 16:37 np 16:37 [TOPIC] Weekly stand-up report 16:37 I'll go first 16:37 * ScottK waves 16:37 I'm in the happy place this week 16:38 I have some updates to test and publish, including a bunch of openstack on trusty updates 16:38 and am looking to go down the list as much as possible before I go on vacation next week 16:38 that's pretty much it from me...sbeattie, you're up 16:39 I'm on apparmor this week 16:39 I'm currently trying to wade through my email after being on holiday last week 16:39 * jjohansen cheers and hands sbeattie the backend parser change work 16:40 I need to sync up with jjohansen on where things stand with abstract sockets and apparmor. 16:40 Heh, pretty much my plan is to dig into whatever you need help with, jjohansen. 16:40 That's pretty much it for me. tyhicks? 16:41 I'll be working on apparmor this week 16:41 my main focus will be to land the abstract socket mediation changes when they're ready 16:42 I just finished building the latest kernel changes for utopic-amd64, goldfish-i386, and mako-armhf 16:42 now I'll start making system policy changes 16:43 while those kernels were building, I started modifying the unix_socket_file.sh regression test to add the ability to test abstract sockets 16:43 I'll wrap that up and send it out sometime this week 16:43 I also need to try to refresh the dbus merge (LP: #1320422) 16:43 Launchpad bug 1320422 in dbus (Ubuntu) "Please merge dbus 1.8.2-1 (main) from Debian testing (main)" [Low,Incomplete] https://launchpad.net/bugs/1320422 16:43 and I need to prep for LSS next week 16:43 that's it for me 16:43 jjohansen: you're up 16:45 jjohansen: hello? 16:45 I'm primarily working on landing the abstract socket mediation this week. I'll need to sync up with sbeattie and continue to fix the backend of the policy compiler 16:45 hey mdeslaur 16:45 jjohansen: what's the status, is everything going along as you'd like? 16:46 mdeslaur: not really, I figured out a large part of the issue was backend compiler work that I hadn't been planning on yet 16:47 mdeslaur: so we are doing the shortest path update to that we can 16:47 ok 16:47 thanks 16:48 I think that is it from me, sarnold you're up 16:48 I'm on triage this week; I've also got two MIRs, one already in flight but repeated pre-empted, the other not yet started 16:50 I'll review whatever patches john can come up with this week, too, and I am hoping that the filemanager PAM integration v2 might be ready for a review this week. (Though that's optimism on my part.) 16:50 that's it for me, chrisccoulson? 16:51 I'm continuing to work through my RTM bugs this week (and I've potentially got one extra now - bug 1353453) 16:51 bug 1353453 in webbrowser-app "m.here.com doesn’t close authentication page after logging in" [High,Triaged] https://launchpad.net/bugs/1353453 16:51 I've done the most important code reviews for oxide, although I've still got some left - those aren't seriously urgent 16:51 and I've got one update to do this week too 16:51 that's me done :) 16:52 anyone left? 16:52 guess not 16:53 [TOPIC] Highlighted packages 16:53 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:53 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/gallery.html 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-4.7-armhf-cross.html 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/inetutils.html 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/dhcpcd.html 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/xine-ui.html 16:53 [TOPIC] Miscellaneous and Questions 16:53 Does anyone have any other questions or items to discuss? 16:53 Thanks everyone! 16:53 #endmeeting