16:31 <jdstrand> #startmeeting 16:31 <meetingology> Meeting started Mon Jun 6 16:31:44 2016 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:31 <meetingology> 16:31 <meetingology> Available commands: action commands idea info link nick 16:31 <jdstrand> The meeting agenda can be found at: 16:31 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:32 <jdstrand> I've got an announcement but will wait til the end 16:33 <jdstrand> [TOPIC] Weekly stand-up report 16:33 <jdstrand> I'll go first 16:33 <jdstrand> I've got a number of snappy PRs to followup on (gsettings, input methods, etc) 16:34 <jdstrand> I also have a couple snapd interface reviews (modem-manager and ppp, but expect more) 16:34 <jdstrand> I have some more to look at with seccomp arg filtering 16:34 <jdstrand> I also have various snapd interface policy updates and investigations 16:34 <jdstrand> I also have some review tools updates for snap.yaml changes and a few small bug fixes 16:35 <jdstrand> if I have time, I'll get started on the docker snappy interface 16:35 <jdstrand> I think that's it from me 16:35 <jdstrand> mdeslaur: you're up 16:35 <mdeslaur> I'm on triage and community duties this week 16:35 <mdeslaur> I'm about to publish a libxml2 update in a few minutes 16:35 <mdeslaur> and I'm off wednesday afternoon 16:35 <mdeslaur> I'll be going down the cve list, as usual after that 16:36 <mdeslaur> that's it for me, sbeattie? 16:36 <sbeattie> I've got a short week this week, will be off starting wednesday. 16:36 <sbeattie> I'm on bug triage while I'm here. 16:36 <sbeattie> I'm also prepping for the sprint next week 16:37 <sbeattie> I need to spend some time poking at the kernel cve->lp bugs sync script 16:38 <sbeattie> I'm continuing to look for build failures in yakkety due to gcc pie 16:38 <sbeattie> and I'll take a peek at the cve list to see if there's something I can pick up there. 16:38 <sbeattie> that's probably it for me. 16:38 <sbeattie> oh right, tyhicks is not here... is jjohansen back yet? 16:39 <sbeattie> Or maybe we should jump to sarnold. 16:39 <sarnold> I think I'm in the happy place this week 16:39 <sarnold> it's a very short week for me, monday and tuesday only 16:40 <sarnold> I'll be working on some sprint prep and backporting imagemagick patches 16:40 <sarnold> that's it for me, chrisccoulson? 16:41 <chrisccoulson> I've got Firefox updates this week, and I'm hoping Chromium will be ready to sponsor. I've just finished Oxide 16:42 <chrisccoulson> Other than that, I'll be working through oxide bugs as usual 16:42 <chrisccoulson> I think that's me done 16:44 <jdstrand> chrisccoulson: 'just finished oxide'-- you mean for USN? 16:44 <chrisccoulson> jdstrand, yeah 16:44 <jdstrand> thanks 16:44 <jdstrand> [TOPIC] Announcements 16:45 <jdstrand> I'd like to announce a couple of changes to the structure of the security team. 16:45 <jdstrand> After almost 5.5 years as the manager of the security team, I decided it was time for a change. The security team is too awesome to leave so I'm not going far: I will stay on the security team as a generalist focusing on snappy initially and getting back to generalist duties in due course. :) 16:45 <jdstrand> The other change is that I'd like to extend a warm welcome to Emily Ratliff (ratliff) for joining the Ubuntu Security team as manager and I'll be working with her to ensure a smooth transition. If you don't know Emily already, google her ;) She is very talented and accomplished and we are super-excited to have her join Canonical and the Ubuntu Security team. :) 16:46 <jdstrand> ratliff: hi! not sure if you have anything to report for this week, but welcome! :) 16:46 <sbeattie> woot! welcome ratliff! 16:46 <ratliff> Thank you, jdstrand! I am very excited to be here and looking forward to the sprint next week. 16:46 <sarnold> welcome aboard ratliff :) 16:47 <mdeslaur> ratliff: welcome! 16:47 <ratliff> As my first accomplishment, I have broken SSO. Once IS and I work things out, I will be easier to find, meanwhile I'm here on freenode 16:47 <jdstrand> hehe 16:47 <sarnold> excellent :) 16:47 <ratliff> :-) 16:47 <jdstrand> [TOPIC] Highlighted packages 16:47 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:47 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:47 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/batmand.html 16:48 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/node-semver.html 16:48 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/pinpoint.html 16:48 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mod-gnutls.html 16:48 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gnugk.html 16:48 <jdstrand> [TOPIC] Miscellaneous and Questions 16:48 <jdstrand> Does anyone have any other questions or items to discuss? 16:49 <teward> Just want to thank mdeslaur for ACKing the nginx debdiffs, helping get the nginx vulnerability patched rapidly :) 16:49 <jdstrand> oh 16:50 <teward> :) 16:50 <jdstrand> teward: I forgot to put that in the announcement 16:50 <teward> and to thank the Security Team for a continued job well done :) 16:50 <jdstrand> Thomas Ward (teward) provided debdiffs for trusty-xenial for nginx (LP: #1587577) 16:50 <ubottu> Launchpad bug 1587577 in nginx (Ubuntu Yakkety) "[CVE-2016-4450] NULL pointer dereference while writing client request body" [Undecided,Fix released] https://launchpad.net/bugs/1587577 16:50 <teward> jdstrand: not a problem :) 16:50 <jdstrand> :) 16:50 <mdeslaur> teward: thanks for the debdiffs! 16:51 <jdstrand> teward: thank you for the debdiffs and continuing to care for nginx :) 16:51 <teward> my pleasure :) 16:53 <jdstrand> mdeslaur, sbeattie, sarnold, chrisccoulson, ratliff, teward: thanks! 16:53 <jdstrand> #endmeeting