16:30 <tyhicks> #startmeeting 16:30 <meetingology> Meeting started Mon Mar 27 16:30:26 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:30 <meetingology> 16:30 <meetingology> Available commands: action commands idea info link nick 16:30 <tyhicks> The meeting agenda can be found at: 16:30 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:30 <tyhicks> [TOPIC] Announcements 16:30 <tyhicks> Jeremy Bicha (jbicha) provided debdiffs for trusty-yakkety for audiofile (LP: #1674005) 16:30 <ubottu> Launchpad bug 1674005 in audiofile (Ubuntu Yakkety) "audiofile: Multiple security issues from March 2017" [Medium,Fix released] https://launchpad.net/bugs/1674005 16:30 <tyhicks> James Cowgill (jcowgill) provided debdiffs for xenial and yakkety for mbedtls (LP: #1672686) 16:30 <ubottu> Launchpad bug 1672686 in polarssl (Debian) "CVE-2017-2784 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve" [Unknown,Confirmed] https://launchpad.net/bugs/1672686 16:31 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :) 16:31 <tyhicks> [TOPIC] Weekly stand-up report 16:31 <tyhicks> jdstrand: you're up 16:31 <jdstrand> last week was dominated by store reviews, looking into a snappy regression and working through various snap declarations that exposed various interesting corner cases. I also helped triage several partner and Personal issues. I did get to a few snappy reviews, but more remain 16:31 <jdstrand> This is a short week (off Friday) and this week I plan to: 16:31 <jdstrand> - store reviews 16:31 <jdstrand> - continue reviewing snappy PRs. I suspect this to take most of/if not all of my time 16:31 <jdstrand> - if have time, move to k8s interface and picking up remaining bits of seccomp arg filtering 16:31 <jdstrand> that's it for me. mdeslaur, you're up 16:32 <mdeslaur> I'm on bug triage this week 16:32 <mdeslaur> and I have some gstreamer updates I'm about to release 16:32 <mdeslaur> I'm also waiting for samba upstream to take a look at the regression in the current security updates 16:32 <mdeslaur> and I'll pick something up from the list 16:32 <mdeslaur> that's it for me, sbeattie? 16:33 <mdeslaur> err, he's out I think 16:33 <sarnold> sbeattie's out this week except for wed 16:33 <mdeslaur> who's next 16:33 <tyhicks> I'm up 16:33 <tyhicks> I'm in the happy place though I think I'll need to pick up cve triage this week 16:34 <tyhicks> I'm testing an embargoed update right now 16:34 <tyhicks> I'm helping out with another 16:34 <tyhicks> I'll publish apparmor updates once I get the green light 16:34 <tyhicks> and I'm still trying to return to my seccomp work 16:35 <tyhicks> oh, I also need to finish configuring the build infrastructure for 12.04 ESM 16:35 <tyhicks> sarnold: you're up 16:36 <sarnold> I'm in happy place this week, I could also pick up some cve triage; also going to do the shadow update. at this point it's been ignored enough that half of it will be re-discovering what 's done and what sitll remains to be done :/ 16:36 <sarnold> then back to mirs 16:37 <sarnold> that's it for me, is it chrisccoulson? or back to tyhicks? 16:37 <tyhicks> Chris is out 16:37 <tyhicks> on to ratliff 16:38 <ratliff> I'm on community this week. I was planning on backfilling some of the CVE triage as well. We can draw straws for days 16:38 <ratliff> I also have a review to request of sarnold 16:39 <ratliff> Some internal items to complete 16:39 <ratliff> and then back to updates for vivid-based core & touch 16:39 <ratliff> back to you tyhicks 16:40 <tyhicks> thanks 16:40 <tyhicks> [TOPIC] Highlighted packages 16:40 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:40 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:40 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/djbdns.html 16:40 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/git-annex.html 16:40 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/flightgear.html 16:40 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/t-coffee.html 16:40 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ntop.html 16:40 <sarnold> djbdns ^^^ I never thought I'd see the day.. 16:40 <mdeslaur> hehe 16:40 <tyhicks> I knew you wouldn't be able to resist :) 16:41 <tyhicks> [TOPIC] Miscellaneous and Questions 16:41 <tyhicks> Does anyone have any other questions or items to discuss? 16:41 <sarnold> 2008 and 2012. apparently I'm five years behind on my news. 16:43 <tyhicks> jdstrand, mdeslaur, sarnold, ratliff: Thanks! 16:43 <tyhicks> #endmeeting