[00:49] major === ubott2 is now known as ubottu [16:32] hi! [16:32] \o [16:32] #startmeeting [16:33] The meeting agenda can be found at: [16:33] [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting [16:33] [TOPIC] Announcements [16:33] * tyhicks kicks the meeting bot [16:34] tyhicks: possible it's down with all the other bots? [16:35] if you'd like i'll drop Archangel (my bot) in here, then provide a publicly accessible copy of the logs for you for the meeting. [16:35] or pull it from my raw logs here on my client [16:35] teward: possibly - I'm not aware of any others being down [16:35] teward: thanks but I've got a logger going [16:35] ack [16:36] I guess I'll just proceed [16:36] * teward lurks [16:36] [TOPIC] Announcements [16:36] Thanks to Otto Kekäläinen (otto) for providing a debdiff to update mariadb-10.0 in vivid (LP: #1451677) [16:36] Launchpad bug 1451677 in mariadb-10.0 (Ubuntu) "USN-2575-1: MySQL vulnerabilities partially also applies to MariaDB" [Medium,Fix released] https://launchpad.net/bugs/1451677 [16:36] fyi, in the past when the bot was down I just pasted the irc into the wiki page rather than pointing it somewhere else [16:36] ok [16:36] (at the end of the meeting) [16:36] [TOPIC] Weekly stand-up report [16:36] jdstrand: you're up [16:37] today we had the oobe meeting with design. it went well, there are followups and discussions that need to be had that we'll capture in trello [16:37] I need to continue going over the IoM summaries and takeaways [16:37] I've got an embargoed item I am working on [16:38] I'd like to finish up the ubuntu-personal-security policy bits [16:38] then pick up a card as have time [16:38] mdeslaur: you're up [16:39] I'm on bug triage this week [16:39] it's a short week for me as I'm on holiday friday and monday [16:39] I'm working on a certificate issue in the ca-certificates package which I hope will be fixed soon [16:39] and I'm going down the CVE list [16:40] I'll probably be stealing the in-progress nbd updates from sbeattie [16:40] that's about it, sbeattie, you're up [16:40] I'm on cve triage this week [16:40] I'm trying to finish up the last patch reviews needed for an apparmor 2.10 release that we can pull into wily [16:41] I need to look at doko's gcc-5 plans [16:41] and that will probably consume my week [16:41] tyhicks: you're up [16:42] I'm in the happy place this week [16:42] I had a little bit of community sponsoring work left over from last week that I did this morning (smoke test and publish mariadb-10.0) [16:42] I will review the kdbus LSM hook patch set this week [16:43] I need to determine the best way to fix an auditing bug in the phone images (I've already sent a patch that will fix the issue in new kernels) [16:43] I want to get back to my UCT-to-trello bridge [16:43] and I have several embargoed issues [16:44] I think that's it for me [16:44] sarnold: skipping to you as I don't see jj [16:45] I'm on community this week, if someone wants to tackle updates for http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html I know a few users would appreciate the fixes; I'll also be working on the ppc64-diag "follow-on" package auditing; upstream suggested that we audit git instead, which makes some sense, I hope they can be repackaged for our 14.04.3 release quickly enough. [16:45] that's it for me, chrisccoulson? [16:46] After last week, I was hoping to get through some Oxide reviews this week and carry on with https://launchpad.net/oxide/+milestone/branch-1.9 [16:46] But Firefox has something to say about that [16:47] :/ [16:47] I've got 1 embargoed update to do, and I also need to do the thunderbird update [16:47] that's me done [16:47] would it make sense at some point to revert precise back to a firefox ESR release? [16:47] chrisccoulson: I asked in the other channel. is there something I/we can do to help with firefox? [16:48] I'm not sure atm. I'd like to be able to reproduce this crash, but I can't [16:48] the 14.04 crash? [16:48] Yeah [16:49] I can try in a VM [16:49] That's what I'm doing at the moment too [16:49] sbeattie, please delay any config changes until the GCC 5 transition is done [16:49] it's already ugly enough [16:49] doko: okay [16:50] chrisccoulson: ok, I'll get my trusty-amd64 vm updated and let you know what happens [16:50] thanks [16:50] sbeattie: I guess that means you should have full focus on aa 2.10 and getting it uploaded to wily this week [16:51] sbeattie: if that goes quickly, picking up a MIR would be a good idea [16:52] tyhicks: I forgot I had another thing on my plate, finishing up fixing QART issues on arm64 [16:52] ah, ok [16:52] sbeattie: those are seccomp test failures, right? [16:53] (due to symbol craziness) [16:54] you can tell me later [16:54] no, this is the test-kernel-security.py stuff, dealing with and testing for different configs [16:54] oh [16:54] ok [16:54] moving on [16:54] [TOPIC] Highlighted packages [16:54] The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. [16:54] See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. [16:54] http://people.canonical.com/~ubuntu-security/cve/pkg/boost1.48.html [16:54] http://people.canonical.com/~ubuntu-security/cve/pkg/jython.html [16:54] http://people.canonical.com/~ubuntu-security/cve/pkg/dhcpcd5.html [16:54] http://people.canonical.com/~ubuntu-security/cve/pkg/charybdis.html [16:54] http://people.canonical.com/~ubuntu-security/cve/pkg/texmacs.html [16:54] [TOPIC] Miscellaneous and Questions [16:54] Does anyone have any other questions or items to discuss? [16:56] jdstrand, mdeslaur, sbeattie, sarnold, ChrisCoulson (and teward): Thanks! [16:56] thanks tyhicks! [16:56] #endmeeting [16:57] tyhicks: thanks [16:58] thanks tyhicks!