16:37 <tyhicks> #startmeeting 16:37 <meetingology> Meeting started Mon Dec 12 16:37:43 2016 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:37 <meetingology> 16:37 <meetingology> Available commands: action commands idea info link nick 16:37 <tyhicks> The meeting agenda can be found at: 16:37 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:37 <tyhicks> [TOPIC] Announcements 16:37 <tyhicks> Brian Morton provided debdiffs for precise-trusty for proftpd-dfsg (LP: #1462311) 16:37 <ubottu> Launchpad bug 1462311 in Proftpd Dfsg "proftpd mod_copy issue (CVE-2015-3306)" [Critical,Fix released] https://launchpad.net/bugs/1462311 16:37 <tyhicks> Otto Kekäläinen (otto) provided debdiffs for yakkety-xenial for mariadb-10.0 (LP: #1638125) 16:37 <ubottu> Launchpad bug 1638125 in mariadb-10.0 (Ubuntu Zesty) "USN-3109-1: MySQL vulnerabilities partially applies to MariaDB too" [High,Fix committed] https://launchpad.net/bugs/1638125 16:38 <tyhicks> Otto Kekäläinen (otto) provided debdiffs for trusty for mariadb-5.5 (LP: #1638125) 16:38 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :) 16:38 <tyhicks> [TOPIC] Weekly stand-up report 16:38 <tyhicks> mdeslaur: go ahead (we'll circle back to Jamie since he's in the middle of another conversation) 16:38 <mdeslaur> I'm on triage 16:39 <mdeslaur> but i'm only here today, I'm off for the holidays starting tomorrow 16:39 <tyhicks> ratliff will take over triage after today 16:39 <tyhicks> cve triage, that is 16:39 <mdeslaur> I'm currently working on embargoed issues 16:39 <mdeslaur> that's it from me 16:39 <tyhicks> sbeattie: you're up 16:39 <sbeattie> I'm in the happy place this week 16:39 <sbeattie> it's a short week for me, I'm off thursday and friday 16:41 <sbeattie> I'll try to pick up an update this week, possibly one or more of the embargoed issue mdeslaur is working on 16:41 <sbeattie> I have some apparmor work to do to get the release out 16:41 <tyhicks> do you plan on getting the release out before you go on vacation? 16:41 <sbeattie> I also have some misc kernel triage/tasks to look after. 16:42 <sbeattie> tyhicks: I'll be back next week (for another short week) 16:42 <tyhicks> oh 16:42 <tyhicks> ok 16:42 <sbeattie> but yes, planning to get the release out before the holidays 16:42 <sbeattie> anyway, that'll likely consume my week. 16:42 <sbeattie> tyhicks: on to you 16:43 <tyhicks> I'm going to be taking over bug triage this week 16:44 <tyhicks> I'm going to be verifying the trusty dbus and apparmor SRUs (LP: #1641243) 16:44 <ubottu> Launchpad bug 1641243 in apparmor (Ubuntu Trusty) "Provide full AppArmor confinement for snaps on 14.04" [High,Fix committed] https://launchpad.net/bugs/1641243 16:44 <tyhicks> I hope to finish up the seccomp logging changes - I think I only need to finish adding tests to libseccomp 16:45 <tyhicks> however, the kernel merge window just opened up so the kernel changes aren't likely to land until the next kernel 16:45 <tyhicks> I am going to publish some embargoed issues that mdeslaur and others are working on 16:45 <tyhicks> I have some sprint prep to do 16:46 <tyhicks> and I still have a number of ecryptfs issues on my plate (haven't been able to work on them at all) 16:46 <tyhicks> that's it for me 16:46 <tyhicks> I don't see jj 16:46 <tyhicks> sarnold_: go ahead 16:46 <sarnold_> I'm on community this week 16:47 <sarnold_> I seem to recall seeing some sponsored updates from last week, and I'm not sure what state my schroots or vms are in, so it' spossible much of this week will be yak shaving to do the updates 16:47 <sarnold_> with what time is left I'll head on to swift-s3-something-mumble MIR 16:48 <tyhicks> I got through all of the sponsorings (d2u and debdiff) last week 16:48 <sarnold_> libav too? 16:48 <sarnold_> or was that ffmpeg? 16:48 <tyhicks> didn't see that one, so I guess I didn't get through them all 16:48 <ratliff> ffmpeg 16:49 <sarnold_> that's me done, jjohansen? 16:49 <jjohansen> yep 16:50 <jjohansen> Its a short week for me again, I friday off 16:50 <jjohansen> I am following up with a couple of bugs that got fixed last week 16:50 <jjohansen> I still need to look into the mount issue, that jdstrand encountered 16:51 <jjohansen> and I need to work on gsettings 16:51 <tyhicks> by following up, you mean SRU verification? 16:52 <jjohansen> tyhicks: well, bugging people to ensure the patches worked for them, and sending them up to the kt 16:52 <tyhicks> jjohansen: ^ 16:52 <tyhicks> ah 16:52 <tyhicks> thanks 16:53 <jjohansen> thats it for /me back to you tyhicks 16:54 <tyhicks> ratliff: you're up 16:54 <ratliff> I'm on bug triage today, CVE triage after today. 16:55 <ratliff> I have some reviews pending to complete and I need to prepare the zesty ghostscript debdiff. 16:55 <ratliff> back to you tyhicks 16:56 <tyhicks> jdstrand: go ahead 16:56 <jdstrand> finialize dbus PR 16:56 <jdstrand> finalize network-namespace-control PR 16:56 <jdstrand> various PR reviews 16:56 <jdstrand> various snappy personal reviews/design discussions 16:56 <jdstrand> start working on seccomp arg filtering 16:56 <jdstrand> last week I actually got to work on a few things, so I think dbus and network-namespace PRs may land soon 16:57 <jdstrand> that's it from me 16:57 <tyhicks> thanks jdstrand 16:58 <tyhicks> [TOPIC] Highlighted packages 16:58 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:58 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/node-uuid.html 16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/node-qs.html 16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/transifex-client.html 16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/blender.html 16:58 <tyhicks> [TOPIC] Miscellaneous and Questions 16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/pdns.html 16:58 <tyhicks> Does anyone have any other questions or items to discuss? 16:59 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ratliff: Thanks! 16:59 <tyhicks> #endmeeting