16:30 <tyhicks> #startmeeting 16:30 <meetingology> Meeting started Mon Oct 2 16:30:57 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:30 <meetingology> 16:30 <meetingology> Available commands: action commands idea info link nick 16:31 <tyhicks> The meeting agenda can be found at: 16:31 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:31 <tyhicks> [TOPIC] Announcements 16:31 <tyhicks> Simon Quigley (tsimonq2) provided debdiffs for trusty-zesty for jython (LP: #1714728) 16:31 <ubottu> Launchpad bug 1714728 in jython (Ubuntu Zesty) "[CVEs] Creates executables class files with wrong permissions, Unsafe deserialization leads to code execution" [High,Fix released] https://launchpad.net/bugs/1714728 16:31 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :) 16:31 <tyhicks> [TOPIC] Weekly stand-up report 16:31 <tyhicks> jdstrand: you're up 16:31 <jdstrand> hi 16:31 <jdstrand> This week I plan to work on: 16:31 <jdstrand> * PR reviews for layouts (snappy team), per user mounts (desktop team) and other PRs as needed 16:31 <jdstrand> * continue uid/gid work 16:31 <jdstrand> that's it from me 16:31 <jdstrand> * prepare for sprint 16:32 <tyhicks> mdeslaur: you're up 16:33 <mdeslaur> I'm on community this week... 16:33 <mdeslaur> just published a few updates 16:33 <mdeslaur> I have to see what else to work on 16:33 <mdeslaur> that's about it, sbeattie, you're up 16:33 <sbeattie> I'm on bug triage this week 16:34 <sbeattie> I have some tasks from the sprint to finish up: finishing some conversions from bzr to git, and some other process things to look at. 16:34 <sbeattie> I'm working on a perl update, and will look at other updates for this week 16:35 <sbeattie> will have the usual kernel triage to do 16:35 <sbeattie> that's it for me. tyhicks? 16:35 <tyhicks> I'm on CVE triage 16:36 <tyhicks> I may try to make some changes to the CVE triage utilities to match a new workflow that we identified/discussed at the rally last week 16:36 <jdstrand> oh I forget one: 16:36 <tyhicks> I'm about to test my new fscrypt package that contains the pam module and other new work 16:36 <jdstrand> * miscellaneous policy updates based on last week's sprint feedback 16:37 <tyhicks> I need to work on a one-off CVE reporting script 16:37 <tyhicks> I'll finalize and prepare a PR against snapd for dynamic seccomp logging features 16:37 <tyhicks> I think that's it 16:37 <tyhicks> jjohansen: you're up 16:38 <jjohansen> well I am working on the 4.15 pull request, so that is type splitting and unix domain sockets revisions 16:39 <jjohansen> but I am also going to spend some time helping jdstrand with some sprint prep (a demo) 16:40 <jdstrand> oh, am I demo'ing that? 16:40 <jjohansen> I also need to spend some time reviewing mjg's patches, get the latest revision of the LSM stacking patches to the kt, and clean up said LSM stacking patches and kick them back to Casey for his feedback 16:40 <jdstrand> I thought I was going to help you get a demo together for someone to demo :P 16:41 <jjohansen> jdstrand: uh well that is what I thought was going to happen, /me certainly isn't 16:41 <jdstrand> that can be discussed elsewhere 16:41 <jjohansen> okay, the /me revises to help jdstrand get a demo together for some brave soul to demo 16:42 <jjohansen> thats it for /me, sarnold isn't around today so back to you tyhicks 16:42 <tyhicks> chrisccoulson: you're up 16:43 <chrisccoulson> I've got firefox and chromium updates to test and publish, as well as a thunderbird update to do 16:43 <chrisccoulson> I need to get cargo updated to 0.20 - hoping that will go ok 16:43 <chrisccoulson> and then I'll be working on the apparmor audit change we discussed last week 16:44 <chrisccoulson> oh, I need to prepare a mock up of the start page for will, but that shouldn't take long 16:44 <chrisccoulson> that's me done 16:44 <chrisccoulson> fingers crossed my laptop doesn't die :) 16:44 <ratliff> I'm in the happy place this week. 16:44 <ratliff> I will complete the release audits 16:45 <ratliff> I have a high priority internal task and a few tasks to complete as part of sprint prep. 16:45 <ratliff> on to you, leosilva 16:45 <leosilva> I'm in the happy place this week. 16:46 <leosilva> I'll do the usual hunting pkgs to update, as well I have a dnsmasq to try to update (old code it seems, cross fingers( 16:46 <leosilva> that's it from me. 16:46 <leosilva> tyhicks: it's back to you 16:46 <tyhicks> thanks 16:46 <tyhicks> [TOPIC] Highlighted packages 16:46 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:46 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:46 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/not-yet-commons-ssl.html 16:46 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/blueman.html 16:46 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/pycsw.html 16:46 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/yaml-cpp0.3.html 16:47 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/openttd.html 16:47 <tyhicks> [TOPIC] Miscellaneous and Questions 16:47 <tyhicks> Does anyone have any other questions or items to discuss? 16:47 <tyhicks> the next meeting will be in two weeks (Oct 16th) 16:48 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, ChrisCoulson, ratliff, leosilva: Thanks! 16:48 <tyhicks> #endmeeting