#ubuntu-meeting log

16:31 <tyhicks> #startmeeting
16:31 <meetingology> Meeting started Mon Sep 11 16:31:46 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:31 <meetingology> 
16:31 <meetingology> Available commands: action commands idea info link nick
16:31 <mdeslaur> \o
16:31 <tyhicks> The meeting agenda can be found at:
16:31 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:32 <tyhicks> [TOPIC] Announcements
16:32 <tyhicks> Gianfranco Costamagna provided a debdiff for xenial for check-all-the-things (LP: #1597245)
16:32 <ubottu> Launchpad bug 1597245 in check-all-the-things (Ubuntu Xenial) "[SRU] update check-all-the-things to xenial" [Undecided,Fix released] https://launchpad.net/bugs/1597245
16:32 <tyhicks> Simon Quigley (tsimonq2) provided a debdiff for xenial for karchive (LP: #1712948)
16:32 <ubottu> Launchpad bug 1712948 in karchive (Ubuntu Xenial) "[CVE] KNewstuff downloads can install files outside the extraction directory" [Medium,Fix released] https://launchpad.net/bugs/1712948
16:32 <tyhicks> James Cowgill (jcowgill) provided debdiffs for xenial and zesty for mbedtls (LP: #1714640)
16:32 <ubottu> Launchpad bug 1714640 in mbedtls (Ubuntu Artful) "CVE-2017-14032 - certificate authentication bypass" [Medium,Fix released] https://launchpad.net/bugs/1714640
16:32 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:32 <tyhicks> [TOPIC] Weekly stand-up report
16:32 <tyhicks> jdstrand: you're up
16:32 <jdstrand> This week I plan to work on:
16:32 <jdstrand> * updating the review tools for new license yaml, better error reporting and a few smaller fixes
16:32 <jdstrand> * continuing reviews in support of snapd layouts feature (PR 3621)
16:32 <jdstrand> * investigate device cgroup issues in snapd
16:32 <jdstrand> * miscellaneous policy updates for snapd as have time
16:32 <jdstrand> * start next steps of my parts of uid/gid work in snapd as have time
16:32 <jdstrand> that's it from me. mdeslaur, you're up
16:33 <mdeslaur> I'm just back from vacation, so I'll be catching up on email
16:33 <mdeslaur> I think I have qemu packages to publish tomorow
16:33 <mdeslaur> and I'll be going down the list after that
16:33 <mdeslaur> that's it, sbeattie, you're up
16:33 <sbeattie> I'm in the happy place this week.
16:33 <sbeattie> I have a couple of embargoed issues I'm looking at
16:34 <sbeattie> I'm also working on a libxml2 update
16:35 <sbeattie> I'll have the usual kernel triage bits to go through.
16:35 <sbeattie> I have some apparmor stuff to review, and I think a couple of qrt tasks to investigate
16:36 <sbeattie> that's probably it for me.
16:36 <sbeattie> tyhicks: you're up
16:36 <tyhicks> I'm in the happy place this week
16:37 <tyhicks> I'm here for the first half of the week and then I'll be traveling to and attending the Linux Security Summit in the last half
16:37 <tyhicks> I'll be working on packaging/testing fscrypt 0.2.1
16:37 <tyhicks> I'll test the latest LSM stacking patches prior to LSS
16:38 <tyhicks> (I quickly reviewed the patches a week or two ago)
16:38 <jjohansen> tyhicks: I have a tree with them on artful 4.13 I'll point you at
16:38 <tyhicks> and I'll see if I can fit any libseccomp backports/uploads in if the PR gets an ack
16:38 <tyhicks> that's it for me
16:38 <tyhicks> jjohansen: thanks, that'll be helpful
16:38 <tyhicks> jjohansen: you're up
16:39 <jjohansen> I am at Linux plumbers and the linux security conference this week, today I am prepping for presentations and discussions around apparmor, LSM stacking, and LSM namespacing
16:40 <jjohansen> that is it for me I haven't seen sarnold so back to you tyhicks
16:40 <ratliff> if you want any reviewers, please let us know, jjohansen
16:40 <jjohansen> ratliff: ah, thanks that would be good
16:42 <tyhicks> chrisccoulson: are you back around?
16:42 <sarnold> tyhicks: i'm finally in :)
16:42 <tyhicks> sarnold: hey - go ahead
16:42 <sarnold> I'm on bug triage this week
16:43 <sarnold> i'm helping jj with apparmor patch reviews as he generates them
16:43 <sarnold> working on nghttp2 mir ATM and moving on to the python elftools one once that's finished
16:44 <sarnold> that'll probably account for the week, so token back to chrisccoulson or ratliff?
16:44 <ratliff> I'll give chrisccoulson a minute to pipe up, then I'll go
16:45 <tyhicks> he had to step away for an errand and was iffy on returning in time
16:45 <tyhicks> you can go ahead
16:45 <ratliff> I'm on community this week.
16:45 <ratliff> I have a number of organizational and technical documentation tasks to do.
16:46 <ratliff> I also need to start doing sprint prep for the two upcoming sprints.
16:46 <ratliff> leosilva: on to you
16:46 <leosilva> I'm in CVE triage this week.
16:47 <leosilva> Soon I finish it for today I'm planning to get gdk-pixbuf and retest the issues to see if it can or not patched
16:47 <leosilva> also planning to hunting more pkgs to update.
16:47 <leosilva> that is for me.
16:47 <leosilva> tyhicks: it's back to you
16:48 <tyhicks> thanks
16:48 <tyhicks> [TOPIC] Highlighted packages
16:48 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:48 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/python-jwcrypto.html
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/libid3tag.html
16:48 <tyhicks> [TOPIC] Miscellaneous and Questions
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/atheme-services.html
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/golang-github-appc-docker2aci.html
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/mxml.html
16:48 <tyhicks> Does anyone have any other questions or items to discuss?
16:49 <tyhicks> I'll give a quick summary of Chris' plans for the week and then we'll end the meeting:
16:49 <tyhicks> * finish updating rustc to 1.19
16:49 <tyhicks> * start on updating rustc to 1.20
16:49 <tyhicks> * thunderbird update
16:49 <tyhicks> * sponsor chromium-browser update
16:49 <tyhicks> * fix bugs for Firefox 56
16:49 <tyhicks> * menubar
16:50 <tyhicks> * FTBFS on Trusty
16:50 <tyhicks> * armhf issue
16:50 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ratliff, leosilva: Thanks!
16:50 <ratliff> thank you, tyhicks!
16:50 <tyhicks> #endmeeting