16:31 <tyhicks> #startmeeting
16:31 <meetingology> Meeting started Mon Sep 11 16:31:46 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:31 <meetingology>
16:31 <meetingology> Available commands: action commands idea info link nick
16:31 <mdeslaur> \o
16:31 <tyhicks> The meeting agenda can be found at:
16:31 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:32 <tyhicks> [TOPIC] Announcements
16:32 <tyhicks> Gianfranco Costamagna provided a debdiff for xenial for check-all-the-things (LP: #1597245)
16:32 <ubottu> Launchpad bug 1597245 in check-all-the-things (Ubuntu Xenial) "[SRU] update check-all-the-things to xenial" [Undecided,Fix released] https://launchpad.net/bugs/1597245
16:32 <tyhicks> Simon Quigley (tsimonq2) provided a debdiff for xenial for karchive (LP: #1712948)
16:32 <ubottu> Launchpad bug 1712948 in karchive (Ubuntu Xenial) "[CVE] KNewstuff downloads can install files outside the extraction directory" [Medium,Fix released] https://launchpad.net/bugs/1712948
16:32 <tyhicks> James Cowgill (jcowgill) provided debdiffs for xenial and zesty for mbedtls (LP: #1714640)
16:32 <ubottu> Launchpad bug 1714640 in mbedtls (Ubuntu Artful) "CVE-2017-14032 - certificate authentication bypass" [Medium,Fix released] https://launchpad.net/bugs/1714640
16:32 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:32 <tyhicks> [TOPIC] Weekly stand-up report
16:32 <tyhicks> jdstrand: you're up
16:32 <jdstrand> This week I plan to work on:
16:32 <jdstrand> * updating the review tools for new license yaml, better error reporting and a few smaller fixes
16:32 <jdstrand> * continuing reviews in support of snapd layouts feature (PR 3621)
16:32 <jdstrand> * investigate device cgroup issues in snapd
16:32 <jdstrand> * miscellaneous policy updates for snapd as have time
16:32 <jdstrand> * start next steps of my parts of uid/gid work in snapd as have time
16:32 <jdstrand> that's it from me. mdeslaur, you're up
16:33 <mdeslaur> I'm just back from vacation, so I'll be catching up on email
16:33 <mdeslaur> I think I have qemu packages to publish tomorrow
16:33 <mdeslaur> and I'll be going down the list after that
16:33 <mdeslaur> that's it, sbeattie, you're up
16:33 <sbeattie> I'm in the happy place this week.
16:33 <sbeattie> I have a couple of embargoed issues I'm looking at
16:34 <sbeattie> I'm also working on a libxml2 update
16:35 <sbeattie> I'll have the usual kernel triage bits to go through.
16:35 <sbeattie> I have some apparmor stuff to review, and I think a couple of qrt tasks to investigate
16:36 <sbeattie> that's probably it for me.
16:36 <sbeattie> tyhicks: you're up
16:36 <tyhicks> I'm in the happy place this week
16:37 <tyhicks> I'm here for the first half of the week and then I'll be traveling to and attending the Linux Security Summit in the last half
16:37 <tyhicks> I'll be working on packaging/testing fscrypt 0.2.1
16:37 <tyhicks> I'll test the latest LSM stacking patches prior to LSS
16:38 <tyhicks> (I quickly reviewed the patches a week or two ago)
16:38 <jjohansen> tyhicks: I have a tree with them on artful 4.13 I'll point you at
16:38 <tyhicks> and I'll see if I can fit any libseccomp backports/uploads in if the PR gets an ack
16:38 <tyhicks> that's it for me
16:38 <tyhicks> jjohansen: thanks, that'll be helpful
16:38 <tyhicks> jjohansen: you're up
16:39 <jjohansen> I am at Linux plumbers and the linux security conference this week, today I am prepping for presentations and discussions around apparmor, LSM stacking, and LSM namespacing
16:40 <jjohansen> that is it for me I haven't seen sarnold so back to you tyhicks
16:40 <ratliff> if you want any reviewers, please let us know, jjohansen
16:40 <jjohansen> ratliff: ah, thanks that would be good
16:42 <tyhicks> chrisccoulson: are you back around?
16:42 <sarnold> tyhicks: i'm finally in :)
16:42 <tyhicks> sarnold: hey - go ahead
16:42 <sarnold> I'm on bug triage this week
16:43 <sarnold> i'm helping jj with apparmor patch reviews as he generates them
16:43 <sarnold> working on nghttp2 mir ATM and moving on to the python elftools one once that's finished
16:44 <sarnold> that'll probably account for the week, so token back to chrisccoulson or ratliff?
16:44 <ratliff> I'll give chrisccoulson a minute to pipe up, then I'll go
16:45 <tyhicks> he had to step away for an errand and was iffy on returning in time
16:45 <tyhicks> you can go ahead
16:45 <ratliff> I'm on community this week.
16:45 <ratliff> I have a number of organizational and technical documentation tasks to do.
16:46 <ratliff> I also need to start doing sprint prep for the two upcoming sprints.
16:46 <ratliff> leosilva: on to you
16:46 <leosilva> I'm in CVE triage this week.
16:47 <leosilva> Soon I finish it for today I'm planning to get gdk-pixbuf and retest the issues to see if it can be patched or not
16:47 <leosilva> also planning to hunt more pkgs to update.
16:47 <leosilva> that is for me.
16:47 <leosilva> tyhicks: it's back to you
16:48 <tyhicks> thanks
16:48 <tyhicks> [TOPIC] Highlighted packages
16:48 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:48 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/python-jwcrypto.html
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libid3tag.html
16:48 <tyhicks> [TOPIC] Miscellaneous and Questions
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/atheme-services.html
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/golang-github-appc-docker2aci.html
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/mxml.html
16:48 <tyhicks> Does anyone have any other questions or items to discuss?
16:49 <tyhicks> I'll give a quick summary of Chris' plans for the week and then we'll end the meeting:
16:49 <tyhicks> * finish updating rustc to 1.19
16:49 <tyhicks> * start on updating rustc to 1.20
16:49 <tyhicks> * thunderbird update
16:49 <tyhicks> * sponsor chromium-browser update
16:49 <tyhicks> * fix bugs for Firefox 56
16:49 <tyhicks> * menubar
16:50 <tyhicks> * FTBFS on Trusty
16:50 <tyhicks> * armhf issue
16:50 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ratliff, leosilva: Thanks!
16:50 <ratliff> thank you, tyhicks!
16:50 <tyhicks> #endmeeting