16:29 <tyhicks> #startmeeting 16:29 <meetingology> Meeting started Mon Apr 3 16:29:57 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:29 <meetingology> 16:29 <meetingology> Available commands: action commands idea info link nick 16:30 <tyhicks> The meeting agenda can be found at: 16:30 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:30 <tyhicks> [TOPIC] Announcements 16:30 <tyhicks> Jeremy Bicha (jbicha) provided debdiffs for xenial and yakkety for epiphany-browser (LP: #1661805) 16:30 <mdeslaur> \o 16:30 <ubottu> Launchpad bug 1661805 in epiphany-browser (Ubuntu Yakkety) "Saved passwords for HTTPS sites can be accessed by HTTP sites" [High,Fix released] https://launchpad.net/bugs/1661805 16:30 <tyhicks> Vishnu Naini (visred) provided the debdiff for xenial for ktnef (LP: #1668552) 16:30 <ubottu> Launchpad bug 1668552 in kdepim (Ubuntu Trusty) "KDE Project Security Advisory: ktnef: Directory Traversal" [Undecided,Incomplete] https://launchpad.net/bugs/1668552 16:30 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :) 16:30 <tyhicks> [TOPIC] Weekly stand-up report 16:30 <tyhicks> jdstrand: you're up 16:31 <jdstrand> hey 16:31 <jdstrand> - short week for me 16:31 <jdstrand> - I went through all the store reviews (which lead to unplanned store work) and almost all of the snappy PR reviews last week 16:31 <jdstrand> - this week I need to followup on those and get to the console interface PR, which will require quite a bit of investigation 16:31 <jdstrand> - kubernetes interface is blocked until I get a response from the reporter, so I plan to respond to feedback to my recent unity7 update PR and have one other profiling fix 16:31 <jdstrand> mdeslaur: you're up 16:31 <mdeslaur> I'm on community this week 16:31 <mdeslaur> I'm about to release some nagios3 packages 16:31 <mdeslaur> and I have an embargoed issue 16:31 <mdeslaur> after that, I'll be working on the next round of qemu updates 16:31 <mdeslaur> that's it, sbeattie? 16:32 <sbeattie> I'm on bug triage this week 16:32 <sbeattie> I have an embargoed issue 16:32 <sbeattie> I was off most of last week, so catching up on email/discussions etc. 16:33 <sbeattie> I'll try to pick up another update this week 16:33 <sbeattie> There's also some apparmor and qa-r-t issues I need to poke at. 16:33 <sbeattie> That's probably it for me. tyhicks? 16:34 <tyhicks> sbeattie: are those apparmor/QRT issues new failures? 16:35 <sbeattie> the QRT stuff is semi-new, I'd been letting them slide for a bit. 16:35 <sbeattie> apparmor stuff is commenting on some of the mailing list stuff 16:35 <tyhicks> sbeattie: if it is a new failure (new as of last week) in a test that sets the profile disable symlink, talk to me because I broke that test and forgot to push the fix for a few days 16:35 <tyhicks> ok 16:36 <tyhicks> I'm on cve triage this week 16:36 <tyhicks> I have an embargoed issue 16:36 <tyhicks> I am prepping for 12.04 ESM 16:37 <tyhicks> hope to have seccomp patches to send back upstream this week 16:37 <tyhicks> someone has been extremely active in upstream ecryptfs bug triage and has even prepared a few merge requests - I really need to spend some time on that this week as well 16:38 <tyhicks> that's it for me 16:38 <tyhicks> jjohansen: you're up 16:38 <jjohansen> I have some catching up to do from being off last week 16:39 <jjohansen> and then I need to finish up with the mess from the apparmor patch reverts. The kt has pulled most of the patches back in for the next SRU cycle but I have 5 patches to go through 16:40 <jjohansen> valid, or fix and in the case of one make sure the snappy collision has worked its way out before I resubmit it 16:41 <jjohansen> I need to take stock of the dconf/gsettings patches 16:41 <jjohansen> which I managed to completely avoid last week 16:41 <jjohansen> I have upstreaming work todo 16:41 <tyhicks> trying to slip in another upstream pull request for 4.12 is a higher prio than dconf/gsettings since it is slipping to z+1 16:42 <jjohansen> ack 16:43 <jjohansen> and discuss with tyhicks potential solutions to the dominance x rule issue we have in zesty 16:43 <jjohansen> that is it for me, sarnold you are up 16:43 <sarnold> i'm in the happy place this week 16:44 <sarnold> finishing the shadow update and the lasso mir 16:44 <sarnold> istr an outstanding patch or two from apparmor left over from last week that I may get to unless someone beats me 16:44 <sarnold> then walking down the mir list 16:44 <sarnold> that's it for me, no chris coulson on tab complete? 16:45 <ratliff> he's on holiday 16:45 <sarnold> so perhaps on to ratliff? 16:45 <sarnold> good for him :) 16:45 <ratliff> I'm in the happy place this week. 16:45 <ratliff> I have a number of internal tasks to complete as my first priority. 16:45 <ratliff> Then I will investigate adding an option to query by CRD date to ubuntu-table. 16:46 <ratliff> I should have time to do at least one update for vivid based touch/core - that is my goal. 16:46 <ratliff> back to you, tyhicks 16:46 <tyhicks> thanks 16:46 <tyhicks> [TOPIC] Highlighted packages 16:47 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:47 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/linkchecker.html 16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/pywbem.html 16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/inspircd.html 16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/t-coffee.html 16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/runc.html 16:47 <tyhicks> [TOPIC] Miscellaneous and Questions 16:47 <tyhicks> Does anyone have any other questions or items to discuss? 16:50 <tyhicks> hmm... I think those runc CVEs are possibly already fixed 16:50 <tyhicks> I'll check later 16:50 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ratliff: Thanks! 16:50 <tyhicks> #endmeeting