== Meeting information == * #ubuntu-meeting Meeting, 11 Sep at 16:31 — 16:50 UTC * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-09-11-16.31.log.html]] == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting === Announcements === The discussion about "Announcements" started at 16:32. === Weekly stand-up report === The discussion about "Weekly stand-up report" started at 16:32. === Highlighted packages === The discussion about "Highlighted packages" started at 16:48. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/python-jwcrypto.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/libid3tag.html === Miscellaneous and Questions === The discussion about "Miscellaneous and Questions" started at 16:48. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/atheme-services.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/golang-github-appc-docker2aci.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/mxml.html == Vote results == == Done items == * (none) == People present (lines said) == * tyhicks (45) * ratliff (7) * jdstrand (7) * sbeattie (7) * sarnold (5) * leosilva (5) * mdeslaur (5) * jjohansen (4) * ubottu (3) * meetingology (3) == Full Log == 16:31 #startmeeting 16:31 Meeting started Mon Sep 11 16:31:46 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:31 16:31 Available commands: action commands idea info link nick 16:31 \o 16:31 The meeting agenda can be found at: 16:31 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:32 [TOPIC] Announcements 16:32 Gianfranco Costamagna provided a debdiff for xenial for check-all-the-things (LP: #1597245) 16:32 Launchpad bug 1597245 in check-all-the-things (Ubuntu Xenial) "[SRU] update check-all-the-things to xenial" [Undecided,Fix released] https://launchpad.net/bugs/1597245 16:32 Simon Quigley (tsimonq2) provided a debdiff for xenial for karchive (LP: #1712948) 16:32 Launchpad bug 1712948 in karchive (Ubuntu Xenial) "[CVE] KNewstuff downloads can install files outside the extraction directory" [Medium,Fix released] https://launchpad.net/bugs/1712948 16:32 James Cowgill (jcowgill) provided debdiffs for xenial and zesty for mbedtls (LP: #1714640) 16:32 Launchpad bug 1714640 in mbedtls (Ubuntu Artful) "CVE-2017-14032 - certificate authentication bypass" [Medium,Fix released] https://launchpad.net/bugs/1714640 16:32 Thank you for your assistance in keeping Ubuntu users secure! :) 16:32 [TOPIC] Weekly stand-up report 16:32 jdstrand: you're up 16:32 This week I plan to work on: 16:32 * updating the review tools for new license yaml, better error reporting and a few smaller fixes 16:32 * continuing reviews in support of snapd layouts feature (PR 3621) 16:32 * investigate device cgroup issues in snapd 16:32 * miscellaneous policy updates for snapd as have time 16:32 * start next steps of my parts of uid/gid work in snapd as have time 16:32 that's it from me. mdeslaur, you're up 16:33 I'm just back from vacation, so I'll be catching up on email 16:33 I think I have qemu packages to publish tomorow 16:33 and I'll be going down the list after that 16:33 that's it, sbeattie, you're up 16:33 I'm in the happy place this week. 16:33 I have a couple of embargoed issues I'm looking at 16:34 I'm also working on a libxml2 update 16:35 I'll have the usual kernel triage bits to go through. 16:35 I have some apparmor stuff to review, and I think a couple of qrt tasks to investigate 16:36 that's probably it for me. 16:36 tyhicks: you're up 16:36 I'm in the happy place this week 16:37 I'm here for the first half of the week and then I'll be traveling to and attending the Linux Security Summit in the last half 16:37 I'll be working on packaging/testing fscrypt 0.2.1 16:37 I'll test the latest LSM stacking patches prior to LSS 16:38 (I quickly reviewed the patches a week or two ago) 16:38 tyhicks: I have a tree with them on artful 4.13 I'll point you at 16:38 and I'll see if I can fit any libseccomp backports/uploads in if the PR gets an ack 16:38 that's it for me 16:38 jjohansen: thanks, that'll be helpful 16:38 jjohansen: you're up 16:39 I am at Linux plumbers and the linux security conference this week, today I am prepping for presentations and discussions around apparmor, LSM stacking, and LSM namespacing 16:40 that is it for me I haven't seen sarnold so back to you tyhicks 16:40 if you want any reviewers, please let us know, jjohansen 16:40 ratliff: ah, thanks that would be good 16:42 chrisccoulson: are you back around? 16:42 tyhicks: i'm finally in :) 16:42 sarnold: hey - go ahead 16:42 I'm on bug triage this week 16:43 i'm helping jj with apparmor patch reviews as he generates them 16:43 working on nghttp2 mir ATM and moving on to the python elftools one once that's finished 16:44 that'll probably account for the week, so token back to chrisccoulson or ratliff? 16:44 I'll give chrisccoulson a minute to pipe up, then I'll go 16:45 he had to step away for an errand and was iffy on returning in time 16:45 you can go ahead 16:45 I'm on community this week. 16:45 I have a number of organizational and technical documentation tasks to do. 16:46 I also need to start doing sprint prep for the two upcoming sprints. 16:46 leosilva: on to you 16:46 I'm in CVE triage this week. 16:47 Soon I finish it for today I'm planning to get gdk-pixbuf and retest the issues to see if it can or not patched 16:47 also planning to hunting more pkgs to update. 16:47 that is for me. 16:47 tyhicks: it's back to you 16:48 thanks 16:48 [TOPIC] Highlighted packages 16:48 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:48 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/python-jwcrypto.html 16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/libid3tag.html 16:48 [TOPIC] Miscellaneous and Questions 16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/atheme-services.html 16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/golang-github-appc-docker2aci.html 16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/mxml.html 16:48 Does anyone have any other questions or items to discuss? 16:49 I'll give a quick summary of Chris' plans for the week and then we'll end the meeting: 16:49 * finish updating rustc to 1.19 16:49 * start on updating rustc to 1.20 16:49 * thunderbird update 16:49 * sponsor chromium-browser update 16:49 * fix bugs for Firefox 56 16:49 * menubar 16:50 * FTBFS on Trusty 16:50 * armhf issue 16:50 jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ratliff, leosilva: Thanks! 16:50 thank you, tyhicks! 16:50 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)