== Meeting information ==

 * #ubuntu-meeting Meeting, 07 Aug at 16:30 — 16:51 UTC
 * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-08-07-16.30.log.html]]

== Meeting summary ==

''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting

=== Announcements ===

The discussion about "Announcements" started at 16:31.

=== Weekly stand-up report ===

The discussion about "Weekly stand-up report" started at 16:32.

=== Highlighted packages ===

The discussion about "Highlighted packages" started at 16:45.

 * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/unrar-nonfree.html
 * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/yaml-cpp.html
 * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/qpid-proton.html
 * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/freeciv.html
 * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/inspircd.html

=== Miscellaneous and Questions ===

The discussion about "Miscellaneous and Questions" started at 16:45.

== Vote results ==

== Done items ==

 * (none)

== People present (lines said) ==

 * tyhicks (38)
 * jdstrand (10)
 * sbeattie (8)
 * leosilva (6)
 * ubottu (6)
 * jjohansen (6)
 * tsimonq2 (5)
 * mdeslaur (5)
 * chrisccoulson (4)
 * sarnold (3)
 * meetingology` (3)
 * ratliff (3)
 * meetingology (2)

== Full Log ==

 16:30 #startmeeting
 16:30 Meeting started Mon Aug 7 16:30:50 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
 16:30
 16:30 Available commands: action commands idea info link nick
 16:30 Meeting started Mon Aug 7 16:30:50 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
 16:30 Available commands: action commands idea info link nick
 16:30 * sbeattie waves
 16:30 o/
 16:30 o/
 16:31 The meeting agenda can be found at:
 16:31 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
 16:31 [TOPIC] Announcements
 16:31 heh, zero meeting bots last week and two meeting bots this week
 16:31 oooh! bot fight!
 16:31 James Lu (tacocat) provided debdiffs for xenial-zesty for gnome-exe-thumbnailer (LP: #651610)
 16:31 Launchpad bug 651610 in gnome-exe-thumbnailer (Ubuntu) "[CVE-2017-11421] Version number for .msi thumbnail is obtained from unreliable source" [Critical,Fix released] https://launchpad.net/bugs/651610
 16:31 Simon Quigley (tsimonq2) provided debdiffs for trusty-xenial for lxterminal (LP: #1690416)
 16:31 Launchpad bug 1690416 in lxterminal (Ubuntu Artful) "[CVE] socket can be blocked by another user" [Undecided,Fix released] https://launchpad.net/bugs/1690416
 16:31 Simon Quigley (tsimonq2) provided debdiffs for trusty-zesty for pcmanfm (LP: #1708542)
 16:31 Launchpad bug 1708542 in pcmanfm (Ubuntu Zesty) "Fix potential access violation, use runtime user dir instead of tmp dir" [Undecided,Fix released] https://launchpad.net/bugs/1708542
 16:31 Otto Kekäläinen (otto) provided debdiffs for trusty for mariadb-5.5 (LP: #1705944)
 16:31 Launchpad bug 1705944 in mariadb-5.5 (Ubuntu) "USN-3357-1: partially applies to MariaDB too" [Medium,Fix released] https://launchpad.net/bugs/1705944
 16:32 Otto Kekäläinen (otto) provided debdiffs for xenial for mariadb-10.0 (LP: #1698689)
 16:32 Launchpad bug 1698689 in mariadb-10.1 (Ubuntu Artful) "USN-3269-1: partially applies to MariaDB too" [Undecided,New] https://launchpad.net/bugs/1698689
 16:32 Otto Kekäläinen (otto) provided debdiffs for zesty for mariadb-10.1 (LP: #1698689)
 16:32 Roger Light (ral) provided debdiffs for trusty-zesty for mosquitto (LP: #1700490)
 16:32 Launchpad bug 1700490 in mosquitto (Ubuntu) "Persistence file is world readable" [Undecided,Fix released] https://launchpad.net/bugs/1700490
 16:32 Thank you for your assistance in keeping Ubuntu users secure! :)
 16:32 [TOPIC] Weekly stand-up report
 16:32 jdstrand: you're up
 16:33 hey
 16:33 Last week I focused a lot on interface reviews (broadcom-asic-control, udev tagging, kvm, spi, avahi reimplementation). I also coordinated with the Desktop team wrt snaps on 17.10 desktop. I triaged the snapd-interface bugs and picked up the wayland work a bit.
 16:33 This week I plan to:
 16:33 - finish going through the wayland interface (this has required quite a bit of investigation wrt interactions with snapd's setting of XDG_RUNTIME_DIR)
 16:33 - be responsive to various snappy PRs and feature discussions (eg, udev tagging, avahi, snapd user/groups, portals, etc)
 16:34 - perform several PRs against snapd 2.27 for recent PRs that need to be in the next release
 16:34 - pick up new 'desktop' interface for gnome-shell, plasma and sway as have time
 16:34 that's it from me
 16:34 mdeslaur: you're up
 16:34 I'm on triage this week
 16:34 and I have a couple of updates to publish
 16:34 and after down, down the list, as usual
 16:34 sbeattie: you're up
 16:34 I'm in the happy place this week
 16:35 I have a couple of kernel USNs to publish this morning
 16:35 I have an embargoed issue on my plate
 16:36 I'm still waiting on openjdk-7 from td aitx, but might have that to publish this week
 16:36 I'll look at picking up other updates as well
 16:36 tyhicks: :D
 16:36 I also have some apparmor bits and qrt bits to poke at.
 16:37 that's it for me. tyhicks, over to you...
 16:37 I'm in the happy place this week
 16:37 I will finish making changes to seccomp v6 kernel patch set, test, and submit upstream
 16:37 need to do fscrypt pam module review and packaging
 16:37 still need to familiarize myself with the latest LSM stacking patch set
 16:37 I also still need to review jdstrand's snapd users/groups writeup
 16:38 jjohansen: you're up
 16:38 I am still working on upstreaming apparmor, specifically the type splitting needed to fix the stored path issue in our unix domain sockets.
 16:38 I will be doing some more testing of the LSM stacking kernel, and getting my feedback to Casey
 16:38 I have some Rally prep to take care of this week.
 16:39 and if there is time some misc apparmor test suite issues to poke at
 16:39 tyhicks: fyi, niemeyer ack'd that the users/groups write-up is accurate which I think is a precursor to his full review/comment
 16:40 that's it for me, sarnold you're up
 16:40 I'm on community this week; also setting up rally travel, and working down the MIRs. Maybe review a patch or two from jjohansen if he thinks it'd be helpful.
 16:40 that's it for me, chrisccoulson?
 16:40 I've got firefox and chromium updates this week
 16:41 sarnold: oh yes
 16:41 I'm also in the process of updating rust to 1.19, but I've got an issue with 1.18 first. I imagine this will take up most of my week
 16:41 That's me done
 16:41 I'm in the happy place this week
 16:42 I will be focusing on KPIs for the foreseeable future
 16:42 leosilva: you are up
 16:43 I worked in a couple of updates/finished the publishment today morning
 16:43 this week I'm bug triage and also finish triage hope to get some updates too
 16:43 that's it for me
 16:43 tyhicks: it's back to you
 16:44 duh, I mean, soon finish triage*
 16:44 * tyhicks is catching up
 16:45 [TOPIC] Highlighted packages
 16:45 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
 16:45 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
 16:45 http://people.canonical.com/~ubuntu-security/cve/pkg/unrar-nonfree.html
 16:45 http://people.canonical.com/~ubuntu-security/cve/pkg/yaml-cpp.html
 16:45 http://people.canonical.com/~ubuntu-security/cve/pkg/qpid-proton.html
 16:45 http://people.canonical.com/~ubuntu-security/cve/pkg/freeciv.html
 16:45 http://people.canonical.com/~ubuntu-security/cve/pkg/inspircd.html
 16:45 [TOPIC] Miscellaneous and Questions
 16:45 Does anyone have any other questions or items to discuss?
 16:47 probably it's worth adding http://people.canonical.com/~ubuntu-security/cve/pkg/varnish.html to that list, four or so community folks filed bugs but I don't recall seeing any debdiffs http://people.canonical.com/~ubuntu-security/cve/pkg/varnish.html
 16:47 good thought
 16:48 I think varnish updates would be more useful than any of the ones I listed
 16:50 I can provide debdiffs within the next hour if someone can help me test them.
 16:50 Because it's a Universe package right?
 16:50 (yes, answered my own question)
 16:51 tsimonq2: you could post debdiffs, sarnold could sponsor them to the ubuntu-security-proposed PPA, and then we could ask for testing in the bug
 16:51 tyhicks: Works for me.
 16:51 tsimonq2: thanks!
 16:51 jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: thank you!
 16:51 #endmeeting

Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)