== Meeting == * '''Who''': SecurityTeam * '''When''': [[http://www.timeanddate.com/worldclock/fixedtime.html?month=07&day=18&year=2011&hour=28&min=0&sec=0&p1=0|Mon Jul 18th 2011 17:00 UTC]] * '''End''': 17:30 UTC * '''Where''': #ubuntu-meeting on irc.freenode.net * '''Chaired By''': JamieStrandboge (jdstrand) == Attendance == * jdstrand * jjohansen * mdeslaur * micahg * sbeattie == Not present == * kees == Agenda == * Review of any previous action items * [ACTION] jjohansen to give jdstrand updated apparmor for testing * Weekly stand-up report (each member discusses any pending and planned future work for the week) * jdstrand * Weekly role: happy place * completed security-o-community work items * dbus/apparmor work items * training class * ufw upload for non-network-manager work items/bug fixes * kees * Weekly role: triage * mdeslaur * Weekly role: happy place * pending updates * sbeattie * Weekly role: community * pending updates * reporting Oneiric upgrade bugs * backlog of apparmor issues * micahg * Weekly role: happy place * pending updates * Highlighted packages The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security on Freenode. The highlighted packages for this week are: * [[http://people.canonical.com/~ubuntu-security/cve/pkg/textpattern.html|textpattern]]: [[http://people.canonical.com/~ubuntu-security/cve/2008/CVE-2008-5757.html|CVE-2008-5757]] [[http://people.canonical.com/~ubuntu-security/cve/2010/CVE-2010-3205.html|CVE-2010-3205]] * [[http://people.canonical.com/~ubuntu-security/cve/pkg/ayttm.html|ayttm]]: [[http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3560.html|CVE-2009-3560]] [[http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-3720.html|CVE-2009-3720]] * [[http://people.canonical.com/~ubuntu-security/cve/pkg/dhcpcd5.html|dhcpcd5]]: [[http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-0996.html|CVE-2011-0996]] * [[http://people.canonical.com/~ubuntu-security/cve/pkg/freebsd-sendpr.html|freebsd-sendpr]]: [[http://people.canonical.com/~ubuntu-security/cve/2008/CVE-2008-5142.html|CVE-2008-5142]] * [[http://people.canonical.com/~ubuntu-security/cve/pkg/xmlsec1.html|xmlsec1]]: [[http://people.canonical.com/~ubuntu-security/cve/2009/CVE-2009-0217.html|CVE-2009-0217]] [[http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-1425.html|CVE-2011-1425]] * Miscellaneous and Questions * {{{ 12:15 < sbeattie> jdstrand: do you want to give the link in the wiki where the weekly set lives? 12:16 < jdstrand> the https://wiki.ubuntu.com/SecurityTeam/HighlightedPackages is updated weekly 12:16 < jdstrand> our GettingInvolved page includes this page 12:16 < jdstrand> and dholbach will be incorporating that into his pages/community work }}} * {{{ 12:17 < micahg> there was a question over the weekend about sun java updates in hardy, it's in multiverse, I was wondering if the team is willing to sponsor updates with a server leaning for hardy still even in multiverse 12:18 < jdstrand> micahg: we (the security team) will not be providing updates. sun java is in partner now, and iamfuzz is the person who is in charge of updating this, so would be the best person to ask 12:19 < jdstrand> that said, we would be happy to sponsor updated packages }}} == Log == Logs available at http://www.novarata.net/mootbot/