16:42 <tyhicks> #startmeeting 16:42 <meetingology> Meeting started Mon Feb 27 16:42:07 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:42 <meetingology> 16:42 <meetingology> Available commands: action commands idea info link nick 16:42 <tyhicks> The meeting agenda can be found at: 16:42 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:42 <tyhicks> [TOPIC] Announcements 16:42 <tyhicks> Andreas Cadhalpun provided debdiffs for xenial and yakkety for ffmpeg (LP: #1664402 #1664403) 16:42 <ubottu> Launchpad bug 1664402 in ffmpeg (Ubuntu) "FFmpeg security fixes February 2017 (yakkety)" [Medium,Fix released] https://launchpad.net/bugs/1664402 16:42 <tyhicks> Paul Gevers (elbrus) provided debdiffs for trusty and xenial for cacti (LP: #1663891) 16:42 <ubottu> Launchpad bug 1663891 in cacti (Ubuntu Trusty) "Security uploads for cacti (trusty and xenial)" [High,Fix released] https://launchpad.net/bugs/1663891 16:42 <tyhicks> Brian Morton (rokclimb15) provided debdiffs for precise-yakkety for libssh2 (LP: #1664812) 16:42 <ubottu> Launchpad bug 1664812 in libssh2 (Ubuntu) "CVE-2016-0787" [Medium,Fix released] https://launchpad.net/bugs/1664812 16:42 <tyhicks> Gianfranco Costamagna (LocutusOfBorg) provided debdiffs for trusty-yakkety for tcpdump (LP: #1662177) 16:42 <ubottu> Launchpad bug 1662177 in tcpdump (Ubuntu) "tcpdump multiple CVEs" [Medium,Fix released] https://launchpad.net/bugs/1662177 16:42 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :) 16:42 <tyhicks> [TOPIC] Weekly stand-up report 16:42 <tyhicks> jdstrand: you're up 16:42 <jdstrand> hi! 16:43 <jdstrand> this week I plan to work on: 16:43 <jdstrand> various snappy PR reviews (snap-confine, Personal, et al interfaces) and store reviews 16:43 <jdstrand> review gsettings patches 16:43 <jdstrand> various policy updates for 2.23 16:43 <jdstrand> that's it for me 16:43 <jdstrand> continue seccomp arg filtering policy 16:43 <jdstrand> mdeslaur: you're up 16:44 <mdeslaur> I'm on community this week 16:44 <mdeslaur> and I'm about to release tiff updates 16:44 <mdeslaur> and I'll be going down the list 16:44 <mdeslaur> that's about it, sbeattie, you're up 16:46 <sbeattie> I'm on bug triage this week 16:46 <sbeattie> I also have kernel signoffs to do. 16:46 <sbeattie> after that, I'll also be focusing on updates 16:47 <sbeattie> that's pretty much it for me. tyhicks, you're up 16:47 <tyhicks> I'm on cve triage this week 16:48 <tyhicks> I need to propose a bit of a design change for the seccomp kernel patches and send out revision 5 of the set 16:48 <tyhicks> need to circle back to the apparmor utils patch set to fix something that cboltz requested and then send out revision 2 of the set 16:49 <tyhicks> I have a design review to do 16:49 <tyhicks> and right now I'm fighting with configuration issues on my new laptop so I need to spend a little time smoothing those out 16:49 <tyhicks> that's it for me 16:49 <tyhicks> jjohansen: you're up 16:49 <jjohansen> I need to revise the gsetting patches based on review feedback, and send out the notification patchset so it can be reviewed 16:49 <jjohansen> and I need to get back to upstreaming work, I am hoping to get an RFC out this week so I can do another pull request in a few weeks 16:49 <jjohansen> oh and there some bugs, I need to follow up on. 16:51 <jjohansen> that is it for me, sarnold 16:51 <sarnold> I'm in the happy place this week; I'm going to release the shadow update, finish the lasso mir, AA patch reviews, and then move down the list of MIRs 16:51 <sarnold> that's it for me, chrisccoulson? 16:52 <chrisccoulson> I plan to get our firefox packages building with rust by the end of the week 16:52 <chrisccoulson> I've also got to start preparing the next update, which is next week 16:52 <chrisccoulson> Before I do that, I need to fix our menubar patch which currently makes it crash thanks to a late change in firefox 16:53 <chrisccoulson> I also need to unbreak ubufox (bug 1648649) 16:53 <ubottu> bug 1648649 in ubufox (Ubuntu) "Ubufox is broken in Firefox Nightly, due to using no-longer-supported "for each" syntax. Error console now shows "SyntaxError: missing ( after for UpdateNotifier.js:217:8"" [High,Triaged] https://launchpad.net/bugs/1648649 16:53 <chrisccoulson> Other than that, I've got 2 large code reviews to do for oxide 16:53 <chrisccoulson> I suspect I might not get much else done this week 16:53 <chrisccoulson> that's me done 16:53 <ratliff> I'm in the happy place this week 16:53 <ratliff> I'm still working on vivid updates for Core and Touch 16:54 <ratliff> back to you, tyhicks 16:54 <tyhicks> thanks! 16:54 <tyhicks> [TOPIC] Highlighted packages 16:54 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:54 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:54 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/php-openid.html 16:54 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/sleekxmpp.html 16:54 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/collectd.html 16:54 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/vxl.html 16:54 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libpdfbox-java.html 16:54 <tyhicks> [TOPIC] Miscellaneous and Questions 16:54 <tyhicks> Does anyone have any other questions or items to discuss? 16:54 <chrisccoulson> oh, I need to sponsor chromium too :) 16:56 <tyhicks> ack 16:56 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff: Thanks! 16:56 <tyhicks> #endmeeting