16:31 #startmeeting 16:31 Meeting started Mon Jun 6 16:31:44 2016 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:31 16:31 Available commands: action commands idea info link nick 16:31 The meeting agenda can be found at: 16:31 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:32 I've got an announcement but will wait til the end 16:33 [TOPIC] Weekly stand-up report 16:33 I'll go first 16:33 I've got a number of snappy PRs to followup on (gsettings, input methods, etc) 16:34 I also have a couple snapd interface reviews (modem-manager and ppp, but expect more) 16:34 I have some more to look at with seccomp arg filtering 16:34 I also have various snapd interface policy updates and investigations 16:34 I also have some review tools updates for snap.yaml changes and a few small bug fixes 16:35 if I have time, I'll get started on the docker snappy interface 16:35 I think that's it from me 16:35 mdeslaur: you're up 16:35 I'm on triage and community duties this week 16:35 I'm about to publish a libxml2 update in a few minutes 16:35 and I'm off wednesday afternoon 16:35 I'll be going down the cve list, as usual after that 16:36 that's it for me, sbeattie? 16:36 I've got a short week this week, will be off starting wednesday. 16:36 I'm on bug triage while I'm here. 16:36 I'm also prepping for the sprint next week 16:37 I need to spend some time poking at the kernel cve->lp bugs sync script 16:38 I'm continuing to look for build failures in yakkety due to gcc pie 16:38 and I'll take a peek at the cve list to see if there's something I can pick up there. 16:38 that's probably it for me. 16:38 oh right, tyhicks is not here... is jjohansen back yet? 16:39 Or maybe we should jump to sarnold. 16:39 I think I'm in the happy place this week 16:39 it's a very short week for me, monday and tuesday only 16:40 I'll be working on some sprint prep and backporting imagemagick patches 16:40 that's it for me, chrisccoulson? 16:41 I've got Firefox updates this week, and I'm hoping Chromium will be ready to sponsor. I've just finished Oxide 16:42 Other than that, I'll be working through oxide bugs as usual 16:42 I think that's me done 16:44 chrisccoulson: 'just finished oxide'-- you mean for USN? 16:44 jdstrand, yeah 16:44 thanks 16:44 [TOPIC] Announcements 16:45 I'd like to announce a couple of changes to the structure of the security team. 16:45 After almost 5.5 years as the manager of the security team, I decided it was time for a change. The security team is too awesome to leave so I'm not going far: I will stay on the security team as a generalist focusing on snappy initially and getting back to generalist duties in due course. :) 16:45 The other change is that I'd like to extend a warm welcome to Emily Ratliff (ratliff) for joining the Ubuntu Security team as manager and I'll be working with her to ensure a smooth transition. If you don't know Emily already, google her ;) She is very talented and accomplished and we are super-excited to have her join Canonical and the Ubuntu Security team. :) 16:46 ratliff: hi! not sure if you have anything to report for this week, but welcome! :) 16:46 woot! welcome ratliff! 16:46 Thank you, jdstrand! I am very excited to be here and looking forward to the sprint next week. 16:46 welcome aboard ratliff :) 16:47 ratliff: welcome! 16:47 As my first accomplishment, I have broken SSO. Once IS and I work things out, I will be easier to find, meanwhile I'm here on freenode 16:47 hehe 16:47 excellent :) 16:47 :-) 16:47 [TOPIC] Highlighted packages 16:47 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:47 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/batmand.html 16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/node-semver.html 16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/pinpoint.html 16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/mod-gnutls.html 16:48 http://people.canonical.com/~ubuntu-security/cve/pkg/gnugk.html 16:48 [TOPIC] Miscellaneous and Questions 16:48 Does anyone have any other questions or items to discuss? 16:49 Just want to thank mdeslaur for ACKing the nginx debdiffs, helping get the nginx vulnerability patched rapidly :) 16:49 oh 16:50 :) 16:50 teward: I forgot to put that in the announcement 16:50 and to thank the Security Team for a continued job well done :) 16:50 Thomas Ward (teward) provided debdiffs for trusty-xenial for nginx (LP: #1587577) 16:50 Launchpad bug 1587577 in nginx (Ubuntu Yakkety) "[CVE-2016-4450] NULL pointer dereference while writing client request body" [Undecided,Fix released] https://launchpad.net/bugs/1587577 16:50 jdstrand: not a problem :) 16:50 :) 16:50 teward: thanks for the debdiffs! 16:51 teward: thank you for the debdiffs and continuing to care for nginx :) 16:51 my pleasure :) 16:53 mdeslaur, sbeattie, sarnold, chrisccoulson, ratliff, teward: thanks! 16:53 #endmeeting