16:31 <tyhicks> #startmeeting 16:31 <meetingology> Meeting started Mon Nov 27 16:31:45 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:31 <meetingology> 16:31 <meetingology> Available commands: action commands idea info link nick 16:31 <tyhicks> The meeting agenda can be found at: 16:31 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:31 <tyhicks> [TOPIC] Announcements 16:32 <mdeslaur> \o 16:32 <tyhicks> Simon Quigley (tsimonq2) provided debdiffs for trusty-artful for konversation (LP: #1731797) 16:32 <ubottu> Launchpad bug 1731797 in Kubuntu PPA "[CVE] Crash in IRC message parsing" [High,In progress] https://launchpad.net/bugs/1731797 16:32 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :) 16:32 <tyhicks> [TOPIC] Weekly stand-up report 16:32 <tyhicks> jdstrand: you're up 16:34 <tyhicks> mdeslaur: go ahead 16:34 <mdeslaur> I'm in the happy place this week 16:35 <mdeslaur> I have three updates I'm about to release, including the remote code execution issue found in exim this weekend 16:35 <mdeslaur> we have exim compiled with PIE, so I don't think we have code execution 16:35 <mdeslaur> but updates are ready anyway 16:35 <mdeslaur> after that, I'll pick something up from the list, if leosilva left me any 16:35 <mdeslaur> that's about it 16:35 <mdeslaur> sbeattie: you're up 16:35 <leosilva> hehe 16:35 <sbeattie> I'm also in the happy place this week 16:36 <sbeattie> My primary focus is on CVE notifications for snap owners 16:36 <sbeattie> I have an openjdk-7 update from td daitx to test and publish 16:36 <sbeattie> I have some upstream apparmor tasks open 16:37 * jdstrand is here (sorry) 16:37 <sbeattie> and I have the usual bits of kernel cve triage to watch over. 16:37 <sbeattie> that's probably my week. 16:37 <sbeattie> jdstrand: you want to jump in? 16:37 <tyhicks> jdstrand: go ahead 16:37 <jdstrand> yeah 16:37 <jdstrand> This week I am focusing on: 16:37 <jdstrand> * email catchup from short week last week 16:37 <jdstrand> * fix a review tools/store bug 16:37 <jdstrand> * snapd PR reviews 16:37 <jdstrand> * pickup the ssh/gpg interfaces PR 16:37 <jdstrand> * investigate/implement proper fix for hotplugged devices not being added to device cgroup (mir input forum issue) 16:37 <jdstrand> * investigate tun/tap intermittent spread failure as have time 16:37 <jdstrand> * add kmod spread test as have time 16:37 <jdstrand> * uid/gid privilege dropping as have time 16:37 <jdstrand> * everything from ssh/gpg and after might change depending on an embargoed issue I might be asked to help with 16:37 <jdstrand> that's it from me. back to you tyhicks :) 16:39 <tyhicks> I'm on community this week 16:39 <tyhicks> I'll be catching up on email from being off all last week 16:40 <tyhicks> I have several things that I need to nudge along this week but shouldn't require any real work on my side (snapd seccomp logging PR, libseccomp xenial SRU, audit SRUs, libseccomp-golang upstream PR) 16:41 <tyhicks> I plan to focus on reproducable squashfs images 16:41 <tyhicks> there are two more ecryptfs kernel fixes that need to go into a 4.15 -rc release so I'll get to them as I have time 16:41 <tyhicks> that's it for me 16:41 <tyhicks> jj is out 16:41 <tyhicks> sarnold: you're up 16:44 <sarnold> I'm on cve triage this week, and getting caught up on whatever I missed while enjoying a nice long weekend 16:44 <sarnold> apparmor patch reviews as I can, and finishing the embargoed review, starting on the next MIR on the list 16:44 <sarnold> that should cover me, chrisccoulson? 16:45 <chrisccoulson> I've got a thunderbird update to do this week (started already), and a firefox publication to finish off 16:46 <chrisccoulson> And then rust and cargo updates. I'm reasonably optimistic this one will go better than the last, and it shouldn't be too difficult 16:46 <chrisccoulson> I also need to figure out how hard it is to backport python versions for the firefox build 16:47 <tyhicks> how many weeks before that's needed? 16:47 <chrisccoulson> tyhicks, python or rust? 16:47 <tyhicks> chrisccoulson: python' 16:47 <chrisccoulson> tyhicks, march for the actual release 16:48 <chrisccoulson> but anytime now for trunk 16:48 <tyhicks> ack, glad you're thinking about it this early 16:48 <chrisccoulson> And then hopefully I'll have some time left to look at other things, finally 16:48 <chrisccoulson> that's me done 16:48 <tyhicks> ratliff: your turn 16:49 <ratliff> I'm on bug triage this week 16:49 <ratliff> After that I will continue to be focused on internal tasks. 16:49 <ratliff> on to you leosilva 16:49 <leosilva> I`m the happy place this week 16:49 <leosilva> I also will have a short week (Tuesday is my Friday) 16:50 <leosilva> I have a postgresql-common to work and USN and some python that I'm waiting to push to ppas. 16:50 <leosilva> I also want to hunt some pkg and push in my list of TODO. 16:50 <leosilva> that ` all, tyhicks it is back to you 16:51 <tyhicks> thanks 16:51 <tyhicks> [TOPIC] Highlighted packages 16:51 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:51 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:51 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/python-rsa.html 16:51 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/percona-xtrabackup.html 16:51 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/libpgf.html 16:51 <tyhicks> [TOPIC] Miscellaneous and Questions 16:51 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/python3.7.html 16:51 <tyhicks> Does anyone have any other questions or items to discuss? 16:51 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/xine-ui.html 16:53 <tyhicks> jdstrand, mdeslaur, sbeattie, sarnold, ChrisCoulson, ratliff, leosilva: Thanks! 16:53 <tyhicks> #endmeeting