16:31 <tyhicks> #startmeeting 16:31 <meetingology> Meeting started Mon Mar 6 16:31:39 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:31 <meetingology> 16:31 <meetingology> Available commands: action commands idea info link nick 16:31 <tyhicks> The meeting agenda can be found at: 16:31 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:31 <tyhicks> [TOPIC] Announcements 16:31 <tyhicks> Jeremy Bicha (jbicha) provided debdiffs for xenial-yakkety for iio-sensor-proxy (LP: #1666358) 16:32 <ubottu> Launchpad bug 1666358 in iio-sensor-proxy (Ubuntu Yakkety) "iio-sensor-proxy: Insecure configuration of dbus service" [High,Fix released] https://launchpad.net/bugs/1666358 16:32 <tyhicks> Vishnu Naini (visred) provided debdiffs for xenial-yakkety for kde4libs and kio (LP: #1668871) 16:32 <ubottu> Launchpad bug 1668871 in kde4libs (Ubuntu Trusty) "kio: Information Leak when accessing https when using a malicious PAC file" [Undecided,New] https://launchpad.net/bugs/1668871 16:32 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :) 16:32 <tyhicks> [TOPIC] Weekly stand-up report 16:32 <tyhicks> jdstrand: you're up 16:35 * mdeslaur poked jdstrand with sharp stick 16:35 <mdeslaur> meh, I'll go 16:35 <mdeslaur> I'm in the happy place this week 16:35 <tyhicks> thanks 16:35 <mdeslaur> I'm currently working on an embargoed issue 16:36 <mdeslaur> and I have imagemagick updates to test and release 16:36 <mdeslaur> if I have time left over, I need to do the gigantic apache2 backport 16:36 <mdeslaur> that's about it 16:36 <mdeslaur> sbeattie: tag 16:36 <sbeattie> I'm on community this week 16:37 <sbeattie> I have one embargoed issue partially on my plate and may have a second, pending discussion 16:37 <jdstrand> sorry, hard crash due to intel driver issue 16:37 <tyhicks> jdstrand: bummer - you can go next after Steve 16:37 <sbeattie> I'm also working on glibc updates 16:38 <sbeattie> after that I'll look at the list of updates needed 16:38 <sbeattie> that's pretty much it for me. jdstrand? 16:38 <jdstrand> short week (off thursday, back friday, off next week) 16:38 <jdstrand> last week I did a bunch of reviews, did some simple policy updates and continued on netlink mediation as part of seccomp arg filtering (phase 1 PR is up for review). Note that all seccomp arg filtering branches are blocked on a PR for something called snap-confine reexec. I'm just allowing them to queue up and following up with the snappy team on that PR 16:38 <jdstrand> This week I plan to: 16:38 <jdstrand> review tools updates for recent issues 16:38 <jdstrand> PR and store reviews 16:38 <jdstrand> more policy updates, especially surrounding mir on dragonboard (some issues were reported on this that I need to look into) 16:38 <jdstrand> continue with seccomp arg filtering (eg, continue 'users and groups' PR and phase 2 netlink mediation) as have time 16:38 <jdstrand> that's it for me 16:40 <tyhicks> I'm on bug triage this week 16:41 <tyhicks> Jamie and I (mostly Jamie) came up with a good design for a technical blocker of the seccomp patches 16:41 <tyhicks> I need to propose that to upstream and start working on a new patch to implement the feature 16:41 <tyhicks> I still have a design review to do 16:41 <tyhicks> and I have 1-2 embargoed issues 16:41 <tyhicks> that's it for me 16:41 <tyhicks> jjohansen: you're up 16:43 <tyhicks> he may not be around 16:43 <tyhicks> sarnold: go ahead 16:43 <sarnold> I'm on cve triage this week 16:43 <sarnold> I'd very much like to finish up the shadow usn and lasso mir 16:44 <sarnold> and probably some patch reviwes 16:44 <sarnold> that's it for me, chrisccoulson? 16:44 <chrisccoulson> I've got a firefox update to do this week 16:45 <chrisccoulson> I also need to get thunderbird ready 16:45 <chrisccoulson> I made a start revewing one of the big oxide merge proposals last week, and I need to finish that 16:46 <chrisccoulson> Also, I need to get cargo bootstrapped everywhere, but that's slightly more difficult than I anticipated 16:46 <chrisccoulson> other than that, I'll be working on oxide stuff as usual 16:46 <chrisccoulson> that's me done 16:47 <ratliff> I'm in the happy place this week 16:47 <ratliff> I'll be looking at the notification task some more 16:47 <ratliff> I have a variety of internal tasks (sizings, etc) to do 16:48 <ratliff> If I have additional time, I'll continue working on updates for vivid based core and touch 16:48 <ratliff> back to you tyhicks 16:48 <tyhicks> thanks! 16:48 <tyhicks> [TOPIC] Highlighted packages 16:48 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:48 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:48 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:49 <tyhicks> oops 16:49 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:49 <tyhicks> wut 16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/midgard2-core.html 16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libquicktime.html 16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/steam.html 16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gpw.html 16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/revelation.html 16:49 <tyhicks> [TOPIC] Miscellaneous and Questions 16:49 <tyhicks> Does anyone have any other questions or items to discuss? 16:51 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff: Thanks! 16:51 <tyhicks> #endmeeting