=== wolsen_ is now known as wolsen === bladernr_ is now known as bladernr-malta [16:32] \o [16:33] hello [16:33] #startmeeting [16:33] Meeting started Mon Apr 27 16:33:24 2015 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. [16:33] Available commands: action commands idea info link nick [16:33] The meeting agenda can be found at: [16:33] [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting [16:33] [TOPIC] Announcements === meetingology changed the topic of #ubuntu-meeting to: Announcements [16:34] Thanks to Rhonda D'Vine (rhonda) for help on security updates for the community supported wesnoth-1.10 last week. Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) [16:34] (LP: #1445688) [16:34] Launchpad bug 1445688 in wesnoth-1.10 (Ubuntu Utopic) "private file disclosure issue (CVE-2015-0844)" [Undecided,Fix released] https://launchpad.net/bugs/1445688 [16:34] [TOPIC] Weekly stand-up report === meetingology changed the topic of #ubuntu-meeting to: Weekly stand-up report [16:35] jdstrand is busy atm so we'll skip him for now [16:35] he can jump in if he frees up [16:35] mdeslaur: go ahead [16:35] I'm on community this week [16:35] Im currently sponsoring ffmpeg [16:35] tomorrow I have patch piloting duties [16:35] I just published a few updates, and I have a couple more to test [16:36] and I completely forgot about the openssl precise update that I started, which I'll look into again [16:36] that's about it form me, sbeattie? [16:36] I'm on bug triage this week [16:36] essembe: INTRUDER! [16:36] who's this guy [16:36] oh bah [16:36] he looks shifty === essembe is now known as sbeattie [16:36] I'm on bug triage this week [16:37] I'm finishing up preparing the trusty apparmor SRU, I just have a couple of snags I hit to smooth out. [16:38] And then I'll switch to focusing on the gcc-pie work [16:38] I need to look at tyhicks patchset to support systemd, so we can land that work when W opens [16:38] that's pretty much it for me. tyhicks? [16:39] mdeslaur: back to your openssl precise update - is that to enable tlsv1.2 by default for clients? [16:41] I'm on CVE triage this week [16:41] I have a short week and will be off Thursday and Friday [16:41] I need to circle back to a number of things that were ignored during the ramp up to the Vivid release [16:42] and I want to finish the kernel patches for AppArmor kernel keyring mediation [16:42] it would be nice if I could get those patches out for review before Thursday but I'm not sure [16:42] jjohansen: you're up [16:42] tyhicks: yes, that's it [16:42] thanks [16:42] I have a short week this week, I will be off Friday [16:43] I have a couple backported CVE kernel fixes to look at and discuss with the kernel team [16:44] I also have a couple more apparmor patches to get out to the kernel team, so we can get the fixes into the next round of kernels [16:44] bug #1430546 [16:44] bug 1430546 in linux (Ubuntu) "apparmor kernel BUG kills firefox" [Medium,Triaged] https://launchpad.net/bugs/1430546 [16:45] being one of them (sorry I seem to have lost my browser tabs) [16:46] no problem [16:46] and then its back to the apparmor upstream cleanup. I plan to finish up with the domain transition cleanup/fixes this week (not that I didn't plan on finishing that bit last week :/) [16:47] I think that is it from me sarnold you're up [16:47] jjohansen: I noticed that a new AA kernel bug came in (LP: #1448912) [16:47] Launchpad bug 1448912 in AppArmor "BUG: unable to handle kernel NULL pointer dereference" [Undecided,New] https://launchpad.net/bugs/1448912 [16:48] tyhicks: oh I hadn't noticed that one, yet. I'll poke at that one too, this week [16:48] thanks [16:49] sarnold: go ahead :) [16:49] I'm in the happy place this week; I will be working more on openstack updates, and getting the hang of how the different openstack services work, etc. [16:50] sarnold: FYI, I think the updates in the ppa are now out of date, more CVEs came out in the meantime [16:50] I think I'll poke at the horizon service this week, and try to reproduce one of the issues on serverstack and try to find out if th e issue affects precise or not, and I'd love love love to get an update out the door, but .. thursdays always come so quickly [16:51] mdeslaur: yes, I think most of those updates are now stale :( [16:51] getting an update out this week would be great since you're in the happy place [16:51] it is always a little more difficult on cve triage weeks [16:51] yes [16:51] so very much yes :) [16:51] sarnold: do you plan on updating the packages with the new fixes? [16:52] tyhicks: I can give it ashot, I haven't actually looked into the details of any of the fixed packages in the ppa, excepting the one horizon issue [16:52] .. nor the details of the subsequently discovered CVEs [16:52] sarnold: ok, we'll discuss it more in a little bit [16:53] I may also do some apparmor patch reviews for distraction along the way [16:53] that's me, chrisccoulson? [16:53] This week, I need to get chromium out [16:53] I'll also be working through code reviews (my queue is quite large now) [16:54] And I'm currently looking at a browser crash on the phone [16:54] Other than that, it's business as usual (hopefully) [16:55] thanks [16:55] [TOPIC] Highlighted packages === meetingology changed the topic of #ubuntu-meeting to: Highlighted packages [16:56] The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. [16:56] See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. [16:56] http://people.canonical.com/~ubuntu-security/cve/pkg/mednafen.html [16:56] http://people.canonical.com/~ubuntu-security/cve/pkg/prewikka.html [16:56] http://people.canonical.com/~ubuntu-security/cve/pkg/rt-authen-externalauth.html [16:56] http://people.canonical.com/~ubuntu-security/cve/pkg/forked-daapd.html [16:56] http://people.canonical.com/~ubuntu-security/cve/pkg/mc.html [16:56] [TOPIC] Miscellaneous and Questions === meetingology changed the topic of #ubuntu-meeting to: Miscellaneous and Questions [16:56] Does anyone have any other questions or items to discuss? [16:58] mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks! [16:58] #endmeeting === meetingology changed the topic of #ubuntu-meeting to: Ubuntu Meeting Grounds | Calendar/Scheduled meetings: http://fridge.ubuntu.com/calendar | Logs: https://wiki.ubuntu.com/MeetingLogs | Meetingology documentation: https://wiki.ubuntu.com/meetingology [16:58] Meeting ended Mon Apr 27 16:58:17 2015 UTC. [16:58] Minutes: http://ubottu.com/meetingology/logs/ubuntu-meeting/2015/ubuntu-meeting.2015-04-27-16.33.moin.txt [16:58] tych0: thanks! [16:58] thanks tyhicks [16:58] thanks tyhicks! [16:58] double bah. [16:58] tyhicks: thanks! [16:58] tych0: sorry. [16:58] thanks tyhicks [19:01] anyone here to discuss anything at the DMB meeting, if not, we'l reconvene in two weeks since there's nothing on the agenda for today [19:02] micahg: have the previous action items been taken care of? [19:03] well, the first one is still out there, the second is done, I just need to send a follow-up message, but my E-Mail client wasn't being helpful before the meeting, I'll send that today