16:32 <tyhicks> #startmeeting 16:32 <meetingology> Meeting started Mon Sep 18 16:32:13 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:32 <meetingology> 16:32 <meetingology> Available commands: action commands idea info link nick 16:32 <tyhicks> The meeting agenda can be found at: 16:32 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:32 <tyhicks> [TOPIC] Announcements 16:32 <tyhicks> Ismail Belkacim provided a debdiff for xenial for phpldapadmin (LP: #1701731) 16:32 <ubottu> Launchpad bug 1701731 in phpldapadmin (Ubuntu) "phpLDAPadmin <= 1.2.3 'entry_chooser.php' Multiple Cross-Site Scripting" [Undecided,Triaged] https://launchpad.net/bugs/1701731 16:32 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :) 16:32 <tyhicks> [TOPIC] Weekly stand-up report 16:32 <tyhicks> jdstrand: you're up 16:32 <jdstrand> hey 16:32 <jdstrand> This week I plan to: 16:32 <jdstrand> * finish the reviews surrounding snapd layouts feature PR reviews (PR 3621) 16:32 <jdstrand> * get back to investigating device cgroup issues in snapd 16:33 <jdstrand> * start next steps of uid/gid work in snapd 16:33 <jdstrand> that's it for me. mdeslaur, you're up 16:33 <mdeslaur> I'm on triage this week 16:33 <mdeslaur> I'm working on apache updates 16:33 <mdeslaur> and I'm about to publish a bind9 regression fix that also contains new dnssec keys 16:33 <mdeslaur> I'll be picking up something else from the list after that 16:33 <mdeslaur> that's it, sbeattie, you're up 16:33 <sbeattie> I'm in the happy place this week 16:33 <tyhicks> oh, good idea bundling the two 16:34 <sbeattie> yeah, that's a nice one 16:34 <sbeattie> I'm working on publishing kernel USNs, as they went out this morning. 16:34 <sbeattie> I'm also working on libxml2 updates 16:35 <sbeattie> I'll pick up another one or two updates this week 16:35 <sbeattie> I need to do a bit of sprint prep 16:35 <sbeattie> and I have some apparmor reviews that have been languishing. 16:35 <sbeattie> that's it for me. tyhicks? 16:36 <tyhicks> I'm in the happy place this week 16:36 <tyhicks> I just finished addressing (and retesting) feedback items that came up in my libseccomp PR 16:37 <tyhicks> I'll be updating the PR shortly 16:37 <tyhicks> I'm also going to prepare a very minimal libseccomp upload for artful 16:37 <tyhicks> I have some Linux Security Summit followups 16:37 <tyhicks> need to finish packaging/testing fscrypt 0.2.1 16:37 <tyhicks> I'll likely have some Rally prep 16:37 <tyhicks> and I have an embargoed issue 16:37 <tyhicks> that's it for me 16:37 <tyhicks> jjohansen: you're up 16:38 <jjohansen> so I have to do a few followup items from hallway track discussions, get some pointers to things posted etc. 16:39 <jjohansen> I have a bit of prep to do for the upcoming Ralley 16:39 <jjohansen> I have a revision of the LSM stacking patches to get ready for the kt 16:40 <jjohansen> and then its back to working on the revision of apparmor unix socket mediation so we can get it into the next pull request 16:40 <jjohansen> thats it for me, sarnold you're up 16:41 <sarnold> I'm on community this week; I own john some apparmor patch reviews, then return to the python-pyelftools MIR, then rally prep 16:41 <sarnold> s/own/owe/ 16:41 <sarnold> I'll probably start another MIR this week so I'd appreciate a new top priority MIR pointer 16:41 <sarnold> that's it for me, chrisccoulson? 16:42 <chrisccoulson> I've got firefox to update this week, although I'm still working through some issues with that 16:42 <chrisccoulson> last week I had to spend quite a bit of time making the unity menubar patch work again, which is quite neglected now that I'm not using unity 16:43 <chrisccoulson> I've got a trusty build failure to fix, which I think I've figured out just now 16:44 <chrisccoulson> And there's an issue with safe browsing to figure out too (it doesn't work in our builds since mozilla switched to the new API) 16:44 <chrisccoulson> Other than that, I've got chromium to test and publish 16:44 <chrisccoulson> And no doubt I'll be spending more time updating rust and pulling hair out 16:44 <chrisccoulson> that's me done 16:44 <ratliff> I'm in the happy place this week. 16:45 <ratliff> I will spend some time doing default install audits 16:45 <ratliff> I want to pull some images from the kpis to put into the weekly reports, so I will spend some time there and on other technical documentation tasks, and organizational tasks. 16:46 <ratliff> leosilva: you are up next 16:46 <leosilva> I'm bug triage this week. 16:46 <leosilva> I get some updates to do and will keep hunting them during this week. 16:46 <leosilva> that is for me, tyhicks , it's back to you 16:47 <tyhicks> thanks 16:47 <tyhicks> [TOPIC] Highlighted packages 16:47 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:47 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:47 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/festival.html 16:47 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/torbrowser-launcher.html 16:47 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/gosa.html 16:47 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/thrift-compiler.html 16:47 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/ceph-deploy.html 16:48 <tyhicks> [TOPIC] Miscellaneous and Questions 16:48 <tyhicks> Does anyone have any other questions or items to discuss? 16:50 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks! 16:50 <ratliff> thank you, tyhicks! 16:50 <tyhicks> #endmeeting