#ubuntu-meeting log

16:30 <tyhicks> #startmeeting
16:30 <meetingology> Meeting started Mon Mar 27 16:30:26 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:30 <meetingology> 
16:30 <meetingology> Available commands: action commands idea info link nick
16:30 <tyhicks> The meeting agenda can be found at:
16:30 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:30 <tyhicks> [TOPIC] Announcements
16:30 <tyhicks> Jeremy Bicha (jbicha) provided debdiffs for trusty-yakkety for audiofile (LP: #1674005)
16:30 <ubottu> Launchpad bug 1674005 in audiofile (Ubuntu Yakkety) "audiofile: Multiple security issues from March 2017" [Medium,Fix released] https://launchpad.net/bugs/1674005
16:30 <tyhicks> James Cowgill (jcowgill) provided debdiffs for xenial and yakkety for mbedtls (LP: #1672686)
16:30 <ubottu> Launchpad bug 1672686 in polarssl (Debian) "CVE-2017-2784 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve" [Unknown,Confirmed] https://launchpad.net/bugs/1672686
16:31 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:31 <tyhicks> [TOPIC] Weekly stand-up report
16:31 <tyhicks> jdstrand: you're up
16:31 <jdstrand> last week was dominated by store reviews, looking into a snappy regression and working through various snap declarations that exposed various interesting corner cases. I also helped triage several partner and Personal issues. I did get to a few snappy reviews, but more remain
16:31 <jdstrand> This is a short week (off Friday) and this week I plan to:
16:31 <jdstrand> - store reviews
16:31 <jdstrand> - continue reviewing snappy PRs. I suspect this to take most of/if not all of my time
16:31 <jdstrand> - if have time, move to k8s interface and picking up remaining bits of seccomp arg filtering
16:31 <jdstrand> that's it for me. mdeslaur, you're up
16:32 <mdeslaur> I'm on bug triage this week
16:32 <mdeslaur> and I have some gstreamer updates I'm about to release
16:32 <mdeslaur> I'm also waiting for samba upstream to take a look at the regression in the current security updates
16:32 <mdeslaur> and I'll pick something up from the list
16:32 <mdeslaur> that's it for me, sbeattie?
16:33 <mdeslaur> err, he's out I think
16:33 <sarnold> sbeattie's out this week except for wed
16:33 <mdeslaur> who's next
16:33 <tyhicks> I'm up
16:33 <tyhicks> I'm in the happy place though I think I'll need to pick up cve triage this week
16:34 <tyhicks> I'm testing an embargoed update right now
16:34 <tyhicks> I'm helping out with another
16:34 <tyhicks> I'll publish apparmor updates once I get the green light
16:34 <tyhicks> and I'm still trying to return to my seccomp work
16:35 <tyhicks> oh, I also need to finish configuring the build infrastructure for 12.04 ESM
16:35 <tyhicks> sarnold: you're up
16:36 <sarnold> I'm in happy place this week, I could also pick up some cve triage; also going to do the shadow update. at this point it's been ignored enough that half of it will be re-discovering what 's done and what sitll remains to be done :/
16:36 <sarnold> then back to mirs
16:37 <sarnold> that's it for me, is it chrisccoulson? or back to tyhicks?
16:37 <tyhicks> Chris is out
16:37 <tyhicks> on to ratliff
16:38 <ratliff> I'm on community this week. I was planning on backfilling some of the CVE triage as well. We can draw straws for days
16:38 <ratliff> I also have a review to request of sarnold
16:39 <ratliff> Some internal items to complete
16:39 <ratliff> and then back to updates for vivid-based core & touch
16:39 <ratliff> back to you tyhicks
16:40 <tyhicks> thanks
16:40 <tyhicks> [TOPIC] Highlighted packages
16:40 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:40 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:40 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/djbdns.html
16:40 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/git-annex.html
16:40 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/flightgear.html
16:40 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/t-coffee.html
16:40 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ntop.html
16:40 <sarnold> djbdns ^^^ I never thought I'd see the day..
16:40 <mdeslaur> hehe
16:40 <tyhicks> I knew you wouldn't be able to resist :)
16:41 <tyhicks> [TOPIC] Miscellaneous and Questions
16:41 <tyhicks> Does anyone have any other questions or items to discuss?
16:41 <sarnold> 2008 and 2012. apparently I'm five years behind on my news.
16:43 <tyhicks> jdstrand, mdeslaur, sarnold, ratliff: Thanks!
16:43 <tyhicks> #endmeeting