16:36 <tyhicks> #startmeeting 16:36 <meetingology> Meeting started Mon Jun 12 16:36:38 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:36 <meetingology> 16:36 <meetingology> Available commands: action commands idea info link nick 16:36 <tyhicks> The meeting agenda can be found at: 16:36 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:36 <tyhicks> [TOPIC] Announcements 16:36 <tyhicks> Balint Reczey (rbalint) provided debdiffs for xenial-zesty for kodi (LP: #1694249) 16:36 <ubottu> Launchpad bug 1694249 in kodi (Ubuntu) "CVE-2017-8314: malicious subtitle zip files vulnerability" [Undecided,Fix released] https://launchpad.net/bugs/1694249 16:37 <tyhicks> Balint Reczey (rbalint) provided debdiffs for trusty-zesty for wireshark (LP: #1397091) 16:37 <ubottu> Launchpad bug 1397091 in wireshark (Ubuntu) "[Security] Update Wireshark in Precise, Trusty, and Utopic to include relevant security patches." [High,Confirmed] https://launchpad.net/bugs/1397091 16:37 <tyhicks> Gianfranco Costamagna (LocutusOfBorg) provided debdiffs for trusty-zesty for ettercap (LP: #1695722) 16:37 <ubottu> Launchpad bug 1695722 in ettercap (Ubuntu) "ettercap security vulnerabilities" [Undecided,Fix released] https://launchpad.net/bugs/1695722 16:37 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :) 16:37 <tyhicks> The Ubuntu Security Team is excited to announce that leosilva has joined the team! 16:37 <jdstrand> welcome leosilva! :) 16:37 <leosilva> o/ Hello there! 16:37 <sbeattie> woot! welcome leosilva! 16:38 <ratliff> :-) welcome! 16:38 <tyhicks> leosilva: we've very happy to have you :) 16:38 <tyhicks> [TOPIC] Weekly stand-up report 16:38 <mdeslaur> \o 16:38 <tyhicks> jdstrand: you're up 16:38 <leosilva> tks ppl, hope to keep the high standars on our team :) 16:39 <jdstrand> I was out last Monday so giving two weeks status. I worked with the snappy team quite a bit on: 16:39 <jdstrand> - 2.25 revert issues surrounding racy profile generation 16:39 <jdstrand> - workarounds for gadget snap not influencing interface auto-connections 16:39 <jdstrand> - various snappy PR reviews 16:39 <jdstrand> I also worked on: 16:39 <jdstrand> - lots of store reviews and forum requests for store actions 16:39 <jdstrand> - greengrass-support interface (lots of investigations, apparmor namespaces/stacking documentation, various upstream apparmor discussions/bug reports, implement the interface 16:39 <jdstrand> - updating click-apparmor and apparmor-easyprof-ubuntu projects to reflect new support status (ie, same as unity8). sync with others 16:39 <jdstrand> - planning security team's snappy work for this cycle with ratliff and tyhicks 16:40 <jdstrand> This week I plan to work on 16:40 <jdstrand> - various PR reviews for fixing racy profile generation (at least bpf caching 16:40 <jdstrand> and system-key PRs) 16:40 <jdstrand> - respond to greengrass-support feedback and/or iterate on the policy if receive functional devmode snap 16:40 <jdstrand> - password-manager-service PR 16:40 <jdstrand> - file various overlay/apparmor bugs as a result of my investigation 16:40 <jdstrand> As have time: 16:40 <jdstrand> - finish snappy-debug changes for journald/lack of syslog 16:40 <jdstrand> - miscellaneous policy updates 16:40 <jdstrand> that's it from me 16:40 <mdeslaur> guess it's my turn 16:40 <jdstrand> ah yes 16:40 <mdeslaur> I'm on community this week 16:40 <jdstrand> mdeslaur: you're up :) 16:41 <mdeslaur> I just published some irssi updates 16:41 <mdeslaur> and am working on gnutls and libiberty updates 16:41 <mdeslaur> If I have time, I'll pick something else off the list 16:41 <mdeslaur> that's about it. 16:41 <mdeslaur> sbeattie: you're up 16:41 <sbeattie> I'm on bug triage this week 16:42 <sbeattie> I have an embargoed issue 16:42 <sbeattie> I need to pick back up the sudo update I was also working on 16:43 <sbeattie> I have some UCT tracking stuff to do, with the kernel team adding a few new kernels. 16:43 <sbeattie> That's probably it for me. 16:43 <sbeattie> tyhicks: over to you 16:43 <tyhicks> I'm on cve triage this week 16:44 <tyhicks> I've got two remaining ecryptfs patches to review (1 kernel, 1 userspace) 16:44 <tyhicks> then I expect to make some progress on fscrypto evaluation for home dir encryption 16:44 <tyhicks> I also want to sync up with kees and finalize one last design detail for the seccomp logging changes 16:45 <tyhicks> that's it for me 16:45 <tyhicks> jjohansen: you're up 16:45 <jjohansen> I need to catch up on upstream review, Casey has posted a new revision of his stacking patches, their is the review for Tetsuo I need to do as well 16:46 <jjohansen> I need to poke at some bugs that I left to languish that last couple of weeks 1696552, 1696552, 1696547, 1696544, 1676565, ... 16:46 <jjohansen> There might be a few more LSS duties to do. And I need to register, and book travel 16:46 <jjohansen> I need to do some updating of Fate and on suse to support the snappy request 16:46 <jjohansen> And maybe, just maybe get back to the next round of patches for upstream 16:47 <jjohansen> I think that is it for me sarnold you back yet? 16:48 <jjohansen> I guess not tyhicks back to you 16:48 <tyhicks> chrisccoulson: go ahea 16:49 <tyhicks> ahead 16:49 <chrisccoulson> heh 16:49 <chrisccoulson> I've got a firefox update to publish (and test again as well, as it was respun at the end of last week) 16:49 <chrisccoulson> Hopefully Chromium as well - the build I tested last week has a couple of serious bugs, so hoping for a new one this week 16:50 <chrisccoulson> Other than that, a couple of embargoed issues 16:50 <chrisccoulson> that's me done 16:50 <ratliff> sarnold: are you back? if so, you go next 16:51 <sarnold> I'm back, drink in hand! :) 16:51 <sarnold> I'm in the happy place this week; finishing off xdelta3 mir today, I figured I'd re-start gdm3 mir this afternoon 16:51 <sarnold> and apparmor patch reviews if those would be useful to jj 16:51 <sarnold> that's it for me, ratliff? 16:52 <ratliff> I'm in the happy place this week. 16:52 <ratliff> my internally focused work is tapering off for the moment 16:52 <ratliff> that should give me some time to work on Ubuntu Core 15 updates and reports 16:52 <ratliff> that's it for me 16:53 <ratliff> back to you, tyhicks 16:53 <tyhicks> thanks 16:53 <tyhicks> [TOPIC] Highlighted packages 16:53 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:53 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/transifex-client.html 16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/node-moment.html 16:53 <tyhicks> [TOPIC] Miscellaneous and Questions 16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/insighttoolkit4.html 16:54 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gradle.html 16:54 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/node-qs.html 16:54 <tyhicks> Does anyone have any other questions or items to discuss? 16:54 <tyhicks> leosilva: starting next week, you'd mention what you're working on after ratliff states her work 16:55 <leosilva> ok! 16:55 <tyhicks> we all know that you'll be busy setting up your work machine and the proper build/test environment this week :) 16:56 <sarnold> and fixing the documentation as you go :D 16:56 <leosilva> tyhicks: yep, but feel free to send me anything I should to read , pleaseeeee 16:56 <tyhicks> will do! 16:57 <tyhicks> leosilva: don't hesitate to ask for help if you hit problems in the documentation (as sarnold alluded to) 16:57 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks! 16:57 <ratliff> thank you, tyhicks! 16:57 <tyhicks> #endmeeting