#ubuntu-meeting log

16:33 <tyhicks> #startmeeting
16:33 <meetingology> Meeting started Mon May 22 16:33:46 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:33 <meetingology> 
16:33 <meetingology> Available commands: action commands idea info link nick
16:33 <tyhicks> The meeting agenda can be found at:
16:33 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:34 <tyhicks> [TOPIC] Sponsored Updates
16:34 <tyhicks> Jose Manuel Santamaria Lema (santa_) provided debdiffs for xenial and yakkety for kauth (LP: #1689759)
16:34 <ubottu> Launchpad bug 1689759 in kde4libs (Ubuntu Artful) "CVE 2017-8422 - kauth: Local privilege escalation" [High,Fix released] https://launchpad.net/bugs/1689759
16:34 <tyhicks> Rik Mills (acheronuk) provided debdiffs for xenial and yakkety for kde4libs (LP: #1689759)
16:34 <tyhicks> v.naini provided debdiffs for zesty for kauth and kde4libs (LP: #1689759)
16:34 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:34 <tyhicks> [TOPIC] Join us!
16:34 <tyhicks> The Ubuntu Security Team has an open position. Learn more and apply at http://bit.ly/SecEngJob
16:35 <tyhicks> [TOPIC] Weekly stand-up report
16:35 <tyhicks> sbeattie: you're up
16:35 <sbeattie> I'm in the happy place this week
16:35 <acheronuk> tyhicks: you're welcome
16:35 * acheronuk shuts up
16:35 <sbeattie> heh
16:35 <tyhicks> hey acheronuk :)
16:36 <sbeattie> I have an embargoed issue that I'm working on
16:36 <sbeattie> I've some kernel cve triage bits and signoffs to do
16:37 <sbeattie> I'll go down the open list to work on another update as well.
16:37 <sbeattie> Oh, kernel team pointed me at some minor qrt failures to address with the 4.11 kernel.
16:37 <sbeattie> (config renames ,etc.)
16:38 <sbeattie> that's probably my week.
16:38 <sbeattie> tyhicks: you're up
16:38 <tyhicks> I'm on community this week
16:38 <tyhicks> I've got a few eCryptfs kernel patches to review
16:39 <tyhicks> I'm trying my best to cover for Jamie on forum.snapcraft.io this week
16:40 <tyhicks> I've got some internal tasks to do today
16:40 <tyhicks> then I'll spend time on seccomp
16:40 <tyhicks> that's it
16:40 <tyhicks> jjohansen: you're up
16:41 <jjohansen> I'll be coordinating with sbeattie on some apparmor regression test failures, bug 1659111 is known and a kernel change, I knew about it before pushing, and told them the fix will follow
16:41 <jjohansen> I have poked a couple people on the securityfs patches so hopefully I will be doing any needed replies/revision for that
16:41 <ubottu> bug 1659111 in linux (Ubuntu Zesty) "UbuntuKVM guest crashed while running I/O stress test with Ubuntu kernel 4.4.0-47-generic" [High,In progress] https://launchpad.net/bugs/1659111
16:43 <jjohansen> and I am working on finishing beating the patch queue for upstream into shape, largely still breaking a few things into smaller logical chunks that make sense and trying not to break bisecting
16:43 <jjohansen> oh and I suppose maybe the fixes for some qrt regressions, maybe
16:45 <tyhicks> jjohansen: was that the wrong bug number? did you mean bug 1692543?
16:45 <ubottu> bug 1692543 in apparmor (Ubuntu) "Regression tests cannot write to apparmor path_max module parameter in artful/4.11" [Undecided,New] https://launchpad.net/bugs/1692543
16:45 <jjohansen> tyhicks: sorry yes 1692543, I grabbed the wrong line from irc :)
16:46 <tyhicks> cool
16:46 <jjohansen> I am going to push some more RFCs up this week, and I expect that to consume the rest of my time
16:47 <jjohansen> so I think that is it for me
16:47 <tyhicks> sarnold: you're up
16:47 <sarnold> i'm on bug triage this week; back to MIRs; AA patch reviews if those will be helpful. and internal tasks
16:47 <sarnold> that's it for me, chrisccoulson is out right?, so, ratliff?
16:48 <ratliff> I'm on CVE triage this week
16:48 <ratliff> I am finalizing an ESM update and will do the same update for Ubuntu Core 15 (rtmpdump)
16:48 <ratliff> Most of the week will be focused on internal tasks.
16:48 <ratliff> that's it for me, back to you tyhicks
16:49 <tyhicks> thanks
16:49 <tyhicks> [TOPIC] Highlighted packages
16:49 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:49 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ruby-saml.html
16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/icecast2.html
16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/kinit.html
16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ruby-rest-client.html
16:49 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/jsoup.html
16:49 <tyhicks> [TOPIC] Miscellaneous and Questions
16:49 <tyhicks> Does anyone have any other questions or items to discuss?
16:51 <tyhicks> sbeattie, jjohansen, sarnold, ratliff: Thanks!
16:51 <tyhicks> #endmeeting