== Meeting information == * #ubuntu-meeting Meeting, 27 Mar at 16:30 — 16:43 UTC * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-03-27-16.30.log.html]] == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting === Announcements === The discussion about "Announcements" started at 16:30. === Weekly stand-up report === The discussion about "Weekly stand-up report" started at 16:31. === Highlighted packages === The discussion about "Highlighted packages" started at 16:40. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/djbdns.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/git-annex.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/flightgear.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/t-coffee.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/ntop.html === Miscellaneous and Questions === The discussion about "Miscellaneous and Questions" started at 16:41. == Vote results == == Done items == * (none) == People present (lines said) == * tyhicks (33) * mdeslaur (8) * sarnold (6) * jdstrand (6) * ratliff (5) * meetingology (3) * ubottu (2) == Full Log == 16:30 #startmeeting 16:30 Meeting started Mon Mar 27 16:30:26 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:30 16:30 Available commands: action commands idea info link nick 16:30 The meeting agenda can be found at: 16:30 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:30 [TOPIC] Announcements 16:30 Jeremy Bicha (jbicha) provided debdiffs for trusty-yakkety for audiofile (LP: #1674005) 16:30 Launchpad bug 1674005 in audiofile (Ubuntu Yakkety) "audiofile: Multiple security issues from March 2017" [Medium,Fix released] https://launchpad.net/bugs/1674005 16:30 James Cowgill (jcowgill) provided debdiffs for xenial and yakkety for mbedtls (LP: #1672686) 16:30 Launchpad bug 1672686 in polarssl (Debian) "CVE-2017-2784 - Freeing of memory allocated on stack when validating a public key with a secp224k1 curve" [Unknown,Confirmed] https://launchpad.net/bugs/1672686 16:31 Thank you for your assistance in keeping Ubuntu users secure! :) 16:31 [TOPIC] Weekly stand-up report 16:31 jdstrand: you're up 16:31 last week was dominated by store reviews, looking into a snappy regression and working through various snap declarations that exposed various interesting corner cases. I also helped triage several partner and Personal issues. I did get to a few snappy reviews, but more remain 16:31 This is a short week (off Friday) and this week I plan to: 16:31 - store reviews 16:31 - continue reviewing snappy PRs. I suspect this to take most of/if not all of my time 16:31 - if have time, move to k8s interface and picking up remaining bits of seccomp arg filtering 16:31 that's it for me. mdeslaur, you're up 16:32 I'm on bug triage this week 16:32 and I have some gstreamer updates I'm about to release 16:32 I'm also waiting for samba upstream to take a look at the regression in the current security updates 16:32 and I'll pick something up from the list 16:32 that's it for me, sbeattie? 16:33 err, he's out I think 16:33 sbeattie's out this week except for wed 16:33 who's next 16:33 I'm up 16:33 I'm in the happy place though I think I'll need to pick up cve triage this week 16:34 I'm testing an embargoed update right now 16:34 I'm helping out with another 16:34 I'll publish apparmor updates once I get the green light 16:34 and I'm still trying to return to my seccomp work 16:35 oh, I also need to finish configuring the build infrastructure for 12.04 ESM 16:35 sarnold: you're up 16:36 I'm in happy place this week, I could also pick up some cve triage; also going to do the shadow update. at this point it's been ignored enough that half of it will be re-discovering what 's done and what sitll remains to be done :/ 16:36 then back to mirs 16:37 that's it for me, is it chrisccoulson? or back to tyhicks? 16:37 Chris is out 16:37 on to ratliff 16:38 I'm on community this week. I was planning on backfilling some of the CVE triage as well. We can draw straws for days 16:38 I also have a review to request of sarnold 16:39 Some internal items to complete 16:39 and then back to updates for vivid-based core & touch 16:39 back to you tyhicks 16:40 thanks 16:40 [TOPIC] Highlighted packages 16:40 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:40 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:40 http://people.canonical.com/~ubuntu-security/cve/pkg/djbdns.html 16:40 http://people.canonical.com/~ubuntu-security/cve/pkg/git-annex.html 16:40 http://people.canonical.com/~ubuntu-security/cve/pkg/flightgear.html 16:40 http://people.canonical.com/~ubuntu-security/cve/pkg/t-coffee.html 16:40 http://people.canonical.com/~ubuntu-security/cve/pkg/ntop.html 16:40 djbdns ^^^ I never thought I'd see the day.. 16:40 hehe 16:40 I knew you wouldn't be able to resist :) 16:41 [TOPIC] Miscellaneous and Questions 16:41 Does anyone have any other questions or items to discuss? 16:41 2008 and 2012. apparently I'm five years behind on my news. 16:43 jdstrand, mdeslaur, sarnold, ratliff: Thanks! 16:43 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)