== Meeting == * '''Who''': SecurityTeam * '''When''': [[http://www.timeanddate.com/worldclock/fixedtime.html?month=02&day=04&year=2013&hour=18&min=0&sec=0&p1=0|Mon Feb 4th 2013 18:00 UTC]] * '''End''': 18:30 UTC * '''Where''': #ubuntu-meeting on irc.freenode.net * '''Chaired By''': JamieStrandboge (jdstrand) == Attendance == * jdstrand * mdeslaur * sbeattie * tyhicks * jjohansen * sarnold == Not present == * None == Agenda == * Announcements * Chad Miller (chad) provided updates for lucid-quantal for chromium-browser (LP: #1099075) * Weekly stand-up report (each member discusses any pending and planned future work for the week) * jdstrand * weekly role: triage * firefox regression fix * embargoed issue #1 * embargoed issue #2 * audits * mdeslaur * weekly role: community * pending updates * sbeattie * weekly role: happy place * !AppArmor: * display manager prototype * tyhicks * weekly role: happy place * embargoed item * !AppArmor policy kernel interface * finish testing some changes to the AppArmor D-Bus mediation and upload to ppa * jjohansen * weekly role: happy place * !AppArmor * socket labelling for get_peercon/DBus * rebase compat patches on top of base patches for alpha2 kernel to ppa * sarnold * weekly role: happy place * !AppArmor code reviews * Highlighted packages The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. The highlighted packages for this week are: <> * Miscellaneous and Questions * There are a lot of merge opportunities for packages listed in http://people.canonical.com/~ubuntu-security/d2u/. Performing these updates is a great way to help Ubuntu and bolster your developer application. == Log == Logs would normally be available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-02-04-18.11.html but the meeting bot was down at the time of the meeting. Here are the logs from the meeting:{{{ 12:11 < jdstrand> #startmeeting 12:11 < jdstrand> The meeting agenda can be found at: 12:11 < jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 12:11 < jdstrand> [TOPIC] Announcements 12:11 < jdstrand> Chad Miller (chad) provided updates for lucid-quantal for chromium-browser (LP: #1099075) 12:12 < ubottu> Launchpad bug 1099075 in chromium-browser (Ubuntu Raring) "new upstream release: 24.0.1312.56" [High,Fix released] https://launchpad.net/bugs/1099075 12:12 < jdstrand> there is still some work to do for armhf to compile, but i386 and amd64 for lucid-raring are now caught up with upstream :) 12:12 < jdstrand> [TOPIC] Weekly stand-up report 12:12 < jdstrand> I'll go first 12:13 < jdstrand> I'm on triage this week 12:13 < jdstrand> there is a firefox regression fix that is going out this week 12:13 < jdstrand> I'm working on an embargoed issue 12:14 < jdstrand> I've got another embargoed issue I'm working on 12:15 < jdstrand> if I have time, I might look at the lxc mir this week 12:15 < jdstrand> mdeslaur: you're up 12:15 < mdeslaur> I'm on community this week 12:16 < mdeslaur> I have a couple of pending updates to try and figure out how to test 12:16 < mdeslaur> (jquery and xserver-xorg-video-qxl) 12:16 < mdeslaur> and will continue going down the CVE list 12:16 < mdeslaur> that's pretty much it 12:16 < jdstrand> mdeslaur: xserver-xorg-video-qxl - ah, that is for spice, right? 12:16 < mdeslaur> yeah, it's the spice xorg driver 12:17 < mdeslaur> sbeattie: you're up 12:17 < jdstrand> I wonder if that would help us with our unity 3d stuff 12:17 < mdeslaur> jdstrand: no 12:17 < jdstrand> hmm 12:17 < jdstrand> someone else said it might 12:17 < mdeslaur> eventually, I believe they are planning on writing a 3d enabled driver 12:17 < mdeslaur> but, not currently 12:18 < jdstrand> plus, looking at the spice server MIR last week, I thought it plausible since spice is supposed to use the best 'hardware' 12:18 < jdstrand> ie, maybe the guest, maybe the host, but whatever. you know more than I at this point 12:19 < mdeslaur> it.s more efficient than vnc, but it's not 3d 12:19 < jdstrand> k 12:19 < jdstrand> sbeattie: sorry, please go ahead 12:19 < sbeattie> no worries 12:20 < sbeattie> I'm working on apparmor this week 12:20 < sbeattie> focusing on my blueprint work items 12:20 < sbeattie> I also need to finish up my objectives rejiggering 12:21 < sbeattie> that's pretty much it for me. 12:21 < sbeattie> tyhicks: poke 12:21 < tyhicks> My week looks similar to last week 12:21 < tyhicks> Embargoed issue, AppArmor policy kernel interface, need to finish testing some changes to the AppArmor D-Bus mediation patches that I made last week and upload the new dbus package to dbus-dev PPA 12:21 < tyhicks> that's it for me 12:21 < tyhicks> jjohansen: you're up 12:22 < jjohansen> I am plugging away on apparmor work items 12:22 < jjohansen> instead of working on env var filtering, we have switched priorities a little bit I am going to be working on socket labeling so we can have get_peercon working and fix that issue in the dbus patches 12:22 < jjohansen> oh and I suppose I need to finish up rebasing the compat patches on top of the base labeling/stacking patches today. So I can push an alpha2 kernel into the ppa and give sarnold something more to review 12:22 < tyhicks> oh nice 12:24 < jjohansen> thats it from /me sarnold 12:25 < sarnold> I'm going to be working on workitems and objectives this week 12:25 < sarnold> vde2 is waiting a main inclusion request audit, it'd be fun to work on that too, we'll see how jdstrand's teaching-time works out :) 12:26 < jjohansen> sarnold will be reviewing patches this week too :) 12:26 < sarnold> uh oh :) 12:26 < sarnold> apparently' I'm also reviewing patches this week :) 12:26 < sbeattie> hehe 12:26 < sarnold> jdstrand: back to you :) 12:27 < jdstrand> yes, that patch review should take priority :) 12:27 < jdstrand> (unless asked otherwise) 12:27 < jdstrand> [TOPIC] Highlighted packages 12:27 < jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 12:27 < jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 12:27 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/firebird2.5.html 12:28 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/sleuthkit.html 12:28 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/phpldapadmin.html 12:28 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/nusoap.html 12:28 < jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libsocialweb.html 12:29 < jdstrand> [TOPIC] Miscellaneous and Questions 12:29 < jdstrand> Does anyone have any other questions or items to discuss? 12:32 < jdstrand> #endmeeting }}}