16:31 <tyhicks> #startmeeting 16:31 <meetingology> Meeting started Mon Jun 20 16:31:48 2016 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:31 <meetingology> 16:31 <meetingology> Available commands: action commands idea info link nick 16:31 <mdeslaur> \o 16:31 <jjohansen> o/ 16:32 <tyhicks> The meeting agenda can be found at: 16:32 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:32 <tyhicks> [TOPIC] Announcements 16:32 <tyhicks> Stefan Bader (smb) provided debdiffs for precise-xenial for xen 16:32 <tyhicks> Otto Kekäläinen (otto) provided debdiffs for wily-xenial for mariadb-10.0 (LP: #1589302) 16:32 <ubottu> Launchpad bug 1589302 in mariadb-10.0 (Ubuntu Yakkety) "USN-2953-1: MySQL vulnerabilities partially applies to MariaDB too" [Medium,Fix released] https://launchpad.net/bugs/1589302 16:32 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :) 16:32 <tyhicks> [TOPIC] Weekly stand-up report 16:32 <tyhicks> mdeslaur: you're up 16:32 <mdeslaur> I'm in the happy place this week, and I'm off wed-fri 16:32 <mdeslaur> I'm currently about to publish a bunch of updates 16:32 <mdeslaur> and I have a few more to test and publish tomorrow 16:33 <mdeslaur> I want to update the uefi secure boot testing instructions if I have time 16:33 <mdeslaur> that's about it from me, sbeattie? 16:34 <sbeattie> I'm on community this week 16:34 <sbeattie> I need to finish up a couple of todos from the sprint last 16:35 <sbeattie> I'll pick up an update or to this week 16:35 <sbeattie> I'm also looking for pie-related build failures in the background. 16:35 <sbeattie> I may also take friday off. 16:36 <sbeattie> that's probably it for me. tyhicks? 16:36 <tyhicks> I'm on bug triage this week and I'll be covering CVE triage today and tomorrow 16:36 <tyhicks> I have quite a few sprint followups/todos 16:37 <tyhicks> I have lingering email catchup to do from the last two weeks (vacation and then sprinting kept me from some things) 16:37 <tyhicks> I need to remind myself where I was at with the yakkety apparmor upload, complete that, and then move on to the xenial SRU 16:38 <tyhicks> I have some snap-confine PR reviews to do (seccomp arg filtering and some others that landed without security team review) 16:38 <tyhicks> then I'd like to move on to seccomp complain mode for snappy's devmode 16:38 <tyhicks> that's it for me 16:38 <tyhicks> jjohansen: you're up 16:39 <jjohansen> I'm working on making sure apparmor stacking is ready to be opened up to user name spaces 16:40 <jjohansen> I have a few TODOs to finish up from last weeks sprint, and I have a neglected upstream kernel pull-request to finish getting together and push out 16:41 <jjohansen> I also have the 4.7 apparmor rebase to finish with and push to the kt 16:41 <jjohansen> and I will be taking thurs and friday off 16:42 <jjohansen> oh and I suppose if I can squeeze it in I will push up the current set of apparmor 3.5 fixes to the kt for xenial 16:42 <jjohansen> thats it for /me tyhicks back to you 16:42 <tyhicks> sounds like you'll have a more than full week for only 3 days 16:43 <tyhicks> there's probably no need to work on the 3.5 fix pull request this week 16:43 <tyhicks> chrisccoulson: you're up 16:43 <jjohansen> heh, yeah, like I said if I can squeeze it in :) 16:43 <chrisccoulson> I've got one follow-up todo from last week (creating instructions for doing flash updates). 16:44 <chrisccoulson> I don't have any other updates planned this week 16:45 <chrisccoulson> Other than that, I'll hopefully be able to test the browser on arm64. So I'll be spending time this week fixing any issues that result from that 16:45 <chrisccoulson> I think that's me done 16:46 <tyhicks> sounds like a nice week 16:46 <tyhicks> ratliff: your turn 16:46 <ratliff> I am working on todos from the sprint and misc. management tasks 16:47 <ratliff> I want to finish the transition tasks from jdstrand and start playing with the uct tools 16:47 <ratliff> I will be off on Friday (travelling) 16:47 <ratliff> back to you tyhicks 16:48 <tyhicks> thanks! 16:48 <tyhicks> [TOPIC] Highlighted packages 16:48 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:48 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/pngcrush.html 16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/inn.html 16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/minissdpd.html 16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gitlab.html 16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/tardiff.html 16:48 <tyhicks> [TOPIC] Miscellaneous and Questions 16:48 <tyhicks> Does anyone have any other questions or items to discuss? 16:49 <sbeattie> tyhicks: I have one more item on my plate this week, I may need to spend some time looking at why aslr tests are failing on ppc64el and s390: https://launchpad.net/bugs/1594347 16:49 <ubottu> Launchpad bug 1594347 in QA Regression Testing "kernel-security aslr tests failing on ppc64el and zseries" [Undecided,New] 16:49 <chrisccoulson> oh, the "no updates planned" from me isn't true - I've got an oxide update to do 16:50 <tyhicks> sbeattie: huh... let me know if you aren't able to get to it before taking friday (if you take off friday) 16:51 <tyhicks> s/before taking friday/before friday/ 16:51 <tyhicks> chrisccoulson: ack 16:51 <tyhicks> mdeslaur, sbeattie, jjohansen, ChrisCoulson, ratliff: Thanks! 16:51 <tyhicks> #endmeeting