== Meeting information == * #ubuntu-meeting Meeting, 02 Apr at 16:30 — 16:45 UTC * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2018/ubuntu-meeting.2018-04-02-16.30.log.html]] == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting === Announcements === The discussion about "Announcements" started at 16:31. === Weekly stand-up report === The discussion about "Weekly stand-up report" started at 16:32. === Highlighted packages === The discussion about "Highlighted packages" started at 16:40. === Miscellaneous and Questions === The discussion about "Miscellaneous and Questions" started at 16:41. == Vote results == == Done items == * (none) == People present (lines said) == * ratliff (27) * jdstrand (7) * sbeattie (7) * sarnold (4) * leosilva (4) * ubottu (4) * meetingology (3) == Full Log == 16:30 #startmeeting 16:30 Meeting started Mon Apr 2 16:30:59 2018 UTC. The chair is ratliff. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:30 16:30 Available commands: action commands idea info link nick 16:31 The meeting agenda can be found at: 16:31 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:31 [TOPIC] Announcements 16:31 Thanks to Simon Quigley (tsimonq2) for providing debdiffs for xenial-artful for atril (LP: #1759069) and 16:31 debdiffs for trusty-xenial for kdepim (LP: #1698180)! 16:31 Launchpad bug 1759069 in atril (Ubuntu Artful) "[CVE] Arbitrary command injection via DVI filename injection when printing to PDF" [Medium,Fix released] https://launchpad.net/bugs/1759069 16:31 Launchpad bug 1698180 in kdepim (Ubuntu Xenial) "[CVE] Send Later with Delay bypasses OpenPGP" [High,Fix released] https://launchpad.net/bugs/1698180 16:32 Thanks to Ray Link (rlink) for providint the debdiff for xenial for xmltooling (LP: #1752306)! 16:32 Launchpad bug 1752306 in xmltooling (Ubuntu Artful) "Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]" [Undecided,Incomplete] https://launchpad.net/bugs/1752306 16:32 or providing it, rather 16:32 Your work is very much appreciated and will keep Ubuntu users secure. 16:32 [TOPIC] Weekly stand-up report 16:33 jdstrand: you're up (if you are around) 16:33 I'm here :) 16:33 This week I plan to work on: 16:33 - address conntrack deprecation issues in ufw for 18.04 16:33 - apparmor upload to 18.04 to fix webbrowser-app and mediascanner2 upgrades 16:33 - finish up miscellaneous updates branches for snapd 16:33 - pick up the snap/usn notification work as have time 16:33 that's it from me 16:34 thanks, jdstrand! m_deslaur is on national holiday today 16:34 sbeattie: you are up! 16:34 I'm in the happy place this week 16:34 I'm publishing openjdk packages this morning 16:34 There should be kernel USNs to publish later this week, I believe. 16:35 I'm still slowly making progress on my gcc retpoline backport for precise 16:35 Between that and catching up on a weeks worth of email, that'll probably consume my week. 16:35 that's it from me 16:36 sarnold: I think you're up? 16:37 I'm on community this week; I'll start the MIRs with pysmi today, and keep on moving down the line 16:37 I'm leaning towards accepting openjpeg2; it's still got a long way to go :( but it's come so far and is probably a better jpeg2000 library than what we're already using 16:37 .. any comments about that would be welcome :) 16:37 that's it for me, uh .. leosilva? 16:38 I'm on bug triage 16:38 I'm hunting this week and researching cves. 16:38 tons of ruby CVEs about to land, leosilva 16:38 ratliff: I believe it's back to yo 16:38 \o/ 16:38 I'm in the happy place this week. 16:39 My goal is to get the old kpi scripts checked into UCT along with some new kpi scripts and get all of the new kpis converted over to influx 16:40 Also a ton of internal work. 16:40 That's it for me. 16:40 [TOPIC] Highlighted packages 16:40 The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See http://people.canonical.com/~ubuntu-security/d2u/ for available merges and https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel 16:40 free to ask in #ubuntu-hardened. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:41 [TOPIC] Miscellaneous and Questions 16:41 Does anyone have any other questions or items to discuss? 16:42 Quick meeting this week! 16:43 We are seeing scattered reports of problems with the intel-microcode package. If you are experiencing any difficulties, please add your comments to LP #1760264 16:43 Launchpad bug 1759920 in linux (Ubuntu Artful) "duplicate for #1760264 intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-image-4.13.0-37-generic)" [High,Confirmed] https://launchpad.net/bugs/1759920 16:45 jdstrand, sbeattie, sarnold, leosilva: Thanks! 16:45 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)