16:35 #startmeeting 16:35 Meeting started Mon Jan 25 16:35:25 2016 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:35 16:35 Available commands: action commands idea info link nick 16:35 The meeting agenda can be found at: 16:35 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:35 [TOPIC] Announcements 16:35 Felix Geyer (debfx) provided debdiffs for trusty, wily for prosody (LP: #1532943) 16:35 Launchpad bug 1532943 in prosody (Ubuntu) "CVE-2016-1231 and CVE-2016-1232" [Medium,Fix released] https://launchpad.net/bugs/1532943 16:35 Andreas Cadhalpun (andreas-cadhalpun) provided debdiffs for vivid and wily for ffmpeg (LP: #1533367) 16:35 Launchpad bug 1533367 in ffmpeg (Ubuntu Xenial) "ffmpeg allows Server-Side Request Forgery attack" [Medium,Confirmed] https://launchpad.net/bugs/1533367 16:35 Thank you for your assistance in keeping Ubuntu users secure! :) 16:36 [TOPIC] Weekly stand-up report 16:36 jdstrand: you're up 16:39 mdeslaur: do you want to go ahead and we'll circle back to him? 16:39 sure 16:39 I'm in the happy place this week 16:39 * mdeslaur does the happy place dance 16:39 I'm working on mysql updates at the moment 16:39 lucky you :) 16:39 choreographed and everything, impressive :) 16:39 and I have a couple of embargoed things to look at 16:39 and after that, I have to figure out the zillion autopkgtest regressions from my friday merges 16:39 bleh 16:39 so that'll keep me busy for a couple of weeks 16:40 that's it from me, sbeattie 16:41 I don't think he's in yet 16:41 I'll go ahead 16:41 I'm on bug triage this week 16:42 outside of those duties, I'm going to force myself to ignore everything new except for helping out jjohansen with AppArmor stacking 16:42 that'll include restarting the stacking interface discussion 16:42 and possibly the namespace creation interfaces 16:44 that's all I'm going to put on my plate this week 16:44 jjohansen: are you around yet? 16:44 * jjohansen waits for the emergency to drop 16:44 yep 16:44 I am working on apparmor stacking this week, lots of debugging and messing with namespacing issues 16:44 that is all I am planning on 16:44 sarnold: you here? 16:45 doesn't seem so, tyhicks back to you 16:45 he's here 16:45 I'm on cve triage this week 16:45 I've got a few pennies to throw into the apparmor stacking discussion, maybe a monkey wrench or two too (MONKEYS!) 16:46 whatevers' left will go towards MIRs, I ought to finish up DPDK early this week 16:46 that's it for me, chrisccoulson? 16:46 good to hear 16:46 (re DPDK) 16:46 go ahead, chrisccoulson 16:46 sorry, I missed the ping 16:46 I'll go after chrisccoulson 16:46 I've got a Firefox release this week. I'm also currently testing Chromium and need to get Oxide 1.12 out 16:47 Other than that, I'll be working on some reviews and taking a look at bug 1459830 16:47 bug 1459830 in Oxide "Support drag and drop" [Medium,Triaged] https://launchpad.net/bugs/1459830 16:48 I think that's me done 16:48 I'll go now 16:49 since 15.04 is eol soon, I did a bit of work to track ppa overlay packages and updated processes for that 16:49 since touch will remain on 15.04 for a while and core until 16.04 is released 16:50 it is coming along well. I need to deal with any fallout from that, and also make sure that those overlay ppas are up to date. I think they are, but will verify 16:50 I have a couple of embargoed issues I am working on 16:51 and then will attend to snappy work items-- notably, squashfs in the review tools 16:51 that's it from me 16:53 ok 16:53 I'll catch up with sbeattie later 16:53 [TOPIC] Highlighted packages 16:53 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:53 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/tntnet.html 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/grml-debootstrap.html 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/autojump.html 16:53 [TOPIC] Miscellaneous and Questions 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/localepurge.html 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/bozohttpd.html 16:53 Does anyone have any other questions or items to discuss? 16:55 PIC! 16:55 is the test rebuild now reviewed, and when will it be enabled? 16:55 or is it delayed until after the LTS? 16:56 doko: unfortunately, sbeattie isn't here 16:56 doko: he's been chipping away at it but I don't know exactly where he's at 16:56 doko: hopefully it isn't delayed until after the LTS 16:57 doko: I'll follow up with you in an hour or so 16:57 sure, but then we should start using it, announcing it to the community. at least we'll have additional ftfbs 16:58 agreed 16:59 jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks! 16:59 #endmeeting