#ubuntu-meeting log

16:31 <tyhicks> #startmeeting
16:31 <meetingology> Meeting started Mon Nov 27 16:31:45 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:31 <meetingology> 
16:31 <meetingology> Available commands: action commands idea info link nick
16:31 <tyhicks> The meeting agenda can be found at:
16:31 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:31 <tyhicks> [TOPIC] Announcements
16:32 <mdeslaur> \o
16:32 <tyhicks> Simon Quigley (tsimonq2) provided debdiffs for trusty-artful for konversation (LP: #1731797)
16:32 <ubottu> Launchpad bug 1731797 in Kubuntu PPA "[CVE] Crash in IRC message parsing" [High,In progress] https://launchpad.net/bugs/1731797
16:32 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:32 <tyhicks> [TOPIC] Weekly stand-up report
16:32 <tyhicks> jdstrand: you're up
16:34 <tyhicks> mdeslaur: go ahead
16:34 <mdeslaur> I'm in the happy place this week
16:35 <mdeslaur> I have three updates I'm about to release, including the remote code execution issue found in exim this weekend
16:35 <mdeslaur> we have exim compiled with PIE, so I don't think we have code execution
16:35 <mdeslaur> but updates are ready anyway
16:35 <mdeslaur> after that, I'll pick something up from the list, if leosilva left me any
16:35 <mdeslaur> that's about it
16:35 <mdeslaur> sbeattie: you're up
16:35 <leosilva> hehe
16:35 <sbeattie> I'm also in the happy place this week
16:36 <sbeattie> My primary focus is on CVE notifications for snap owners
16:36 <sbeattie> I have an openjdk-7 update from td daitx to test and publish
16:36 <sbeattie> I have some upstream apparmor tasks open
16:37 * jdstrand is here (sorry)
16:37 <sbeattie> and I have the usual bits of kernel cve triage to watch over.
16:37 <sbeattie> that's probably my week.
16:37 <sbeattie> jdstrand: you want to jump in?
16:37 <tyhicks> jdstrand: go ahead
16:37 <jdstrand> yeah
16:37 <jdstrand> This week I am focusing on:
16:37 <jdstrand> * email catchup from short week last week
16:37 <jdstrand> * fix a review tools/store bug
16:37 <jdstrand> * snapd PR reviews
16:37 <jdstrand> * pickup the ssh/gpg interfaces PR
16:37 <jdstrand> * investigate/implement proper fix for hotplugged devices not being added to device cgroup (mir input forum issue)
16:37 <jdstrand> * investigate tun/tap intermittent spread failure as have time
16:37 <jdstrand> * add kmod spread test as have time
16:37 <jdstrand> * uid/gid privilege dropping as have time
16:37 <jdstrand> * everything from ssh/gpg and after might change depending on an embargoed issue I might be asked to help with
16:37 <jdstrand> that's it from me. back to you tyhicks :)
16:39 <tyhicks> I'm on community this week
16:39 <tyhicks> I'll be catching up on email from being off all last week
16:40 <tyhicks> I have several things that I need to nudge along this week but shouldn't require any real work on my side (snapd seccomp logging PR, libseccomp xenial SRU, audit SRUs, libseccomp-golang upstream PR)
16:41 <tyhicks> I plan to focus on reproducable squashfs images
16:41 <tyhicks> there are two more ecryptfs kernel fixes that need to go into a 4.15 -rc release so I'll get to them as I have time
16:41 <tyhicks> that's it for me
16:41 <tyhicks> jj is out
16:41 <tyhicks> sarnold: you're up
16:44 <sarnold> I'm on cve triage this week, and getting caught up on whatever I missed while enjoying a nice long weekend
16:44 <sarnold> apparmor patch reviews as I can, and finishing the embargoed review, starting on the next MIR on the list
16:44 <sarnold> that should cover me, chrisccoulson?
16:45 <chrisccoulson> I've got a thunderbird update to do this week (started already), and a firefox publication to finish off
16:46 <chrisccoulson> And then rust and cargo updates. I'm reasonably optimistic this one will go better than the last, and it shouldn't be too difficult
16:46 <chrisccoulson> I also need to figure out how hard it is to backport python versions for the firefox build
16:47 <tyhicks> how many weeks before that's needed?
16:47 <chrisccoulson> tyhicks, python or rust?
16:47 <tyhicks> chrisccoulson: python'
16:47 <chrisccoulson> tyhicks, march for the actual release
16:48 <chrisccoulson> but anytime now for trunk
16:48 <tyhicks> ack, glad you're thinking about it this early
16:48 <chrisccoulson> And then hopefully I'll have some time left to look at other things, finally
16:48 <chrisccoulson> that's me done
16:48 <tyhicks> ratliff: your turn
16:49 <ratliff> I'm on bug triage this week
16:49 <ratliff> After that I will continue to be focused on internal tasks.
16:49 <ratliff> on to you leosilva
16:49 <leosilva> I`m the happy place this week
16:49 <leosilva> I also will have  a short week (Tuesday is my Friday)
16:50 <leosilva> I have a postgresql-common to work and USN and some python that I'm waiting to push to ppas.
16:50 <leosilva> I also want to hunt some pkg and push in my list of TODO.
16:50 <leosilva> that ` all, tyhicks it is back to you
16:51 <tyhicks> thanks
16:51 <tyhicks> [TOPIC] Highlighted packages
16:51 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:51 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:51 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/python-rsa.html
16:51 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/percona-xtrabackup.html
16:51 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/libpgf.html
16:51 <tyhicks> [TOPIC] Miscellaneous and Questions
16:51 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/python3.7.html
16:51 <tyhicks> Does anyone have any other questions or items to discuss?
16:51 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/xine-ui.html
16:53 <tyhicks> jdstrand, mdeslaur, sbeattie, sarnold, ChrisCoulson, ratliff, leosilva: Thanks!
16:53 <tyhicks> #endmeeting