16:32 #startmeeting 16:32 Meeting started Mon Apr 16 16:32:21 2018 UTC. The chair is ratliff. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:32 16:32 Available commands: action commands idea info link nick 16:32 The meeting agenda can be found at: 16:32 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:32 [TOPIC] Announcements 16:32 Thanks to James Cowgill (jcowgill) for providing a debdiff for xenial for ffmpeg (LP: #1697785)! 16:32 Launchpad bug 1697785 in ffmpeg (Ubuntu Xenial) "Update to 2.8.14 in Xenial" [Undecided,Fix released] https://launchpad.net/bugs/1697785 16:33 Thanks to Simon Quigley (tsimonq2) providing debdiffs for trusty-artful for calibre (LP: #1758699)! 16:33 Launchpad bug 1758699 in calibre (Ubuntu Artful) "[CVE] JavaScript in a book can access local files using XMLHttpRequest" [Medium,Fix released] https://launchpad.net/bugs/1758699 16:33 Your work is very much appreciated and will keep Ubuntu users secure. Thank you! 16:33 [TOPIC] Weekly stand-up report 16:33 Jamie's off today so, mdeslaur: you're up 16:33 I'm on community this week 16:33 I just published some tasty perl updates 16:34 and I'm trying to get some things migrated in bionic 16:34 that's about it, I need to pick something from the cve list 16:34 sbeattie: you're up 16:34 I'm on bug triage this week 16:34 I'm still working on my gcc-4.6 retpoline backport 16:34 I have some kernel cve triage tasks to do 16:35 And I need to pick something off the cve list 16:35 That's probably the highlights for my week 16:35 jjohansen: I think you're next? 16:35 ah does that mean I don't get to jump in at the end again :) 16:36 I'll figure out our team order eventually. 16:36 so this week I am 16:36 working with cboltz on finish up 2.13 bug fixes and problems he is having around packaging 16:36 coordinate with cboltz on opensuse presentation proposals, and get those submitted 16:36 merge rc1 into apparmor-next and then drop on the next set of patches targeted for 4.18 16:36 do follow-up on on last weeks bugs 1750594, 1679704 16:36 bug 1750594 in AppArmor "Eventual OOM with profile reloads" [Undecided,Fix committed] https://launchpad.net/bugs/1750594 16:36 bug 1679704 in apparmor (Ubuntu) "libvirt profile is blocking global setrlimit despite having no rlimit rule" [Critical,In progress] https://launchpad.net/bugs/1679704 16:36 do some revisions for policy hashing and policy versioning patching so I can get those up as wip: merge requests 16:36 proper upstreamable fix for 1750594 to replace the single case fix being used as a short term work around 16:37 finish up further rlimit fixes for bugs discovered while working on 1679704 16:37 continue work on my LSM stacking review for Casey 16:37 work on prompting prototype 16:37 uhmm I think that is it for /me 16:37 jjohansen: let me know if I can help on the packaging front 16:37 not sure that you left time to sleep, jjohansen 16:37 sbeattie: ack 16:38 ratliff: oh right, I need to add the critical item of track down time to sleep 16:38 I haven't seen sarnold yet this morning, so chrisccoulson you go next 16:39 he just say morning right now :) 16:39 yeah, I spoke to soon 16:39 :) 16:39 sarnold: you are up 16:39 I'm in the happy place this week, working down the mirs 16:39 I'm on socat now 16:39 oh, I did start typing :) 16:39 sorry chrisccoulson :( 16:40 socat might finish today or tomorrow, if there's any others needing bumping up to the head of the queue let me know .. 16:40 that's it 16:40 I'm still working on rust 1.25 updates. Currently 73 tests fail across armhf and arm64 because the tests appear to crash, so I'll be spending time trying to figure that out 16:41 I'd like to pretend I'll have some time left over to do something useful, but I have a feeling this is going to end up wasting another week 16:41 that's me done 16:41 I'll check around, but I haven't received any other requests so far, sarnold 16:41 good luck, chrisccoulson 16:41 I'm on CVE triage this week. 16:42 I have sprint prep and other internal work including starting a white paper. 16:42 I have a couple more kpi scripts to clean up and check in, but the dashboard is full again. 16:42 leosilva: on to you 16:42 I'm in the happy place this week :) 16:43 I'm did an USN for patch-esm this morning 16:43 I'm finally finished ruby updates and I'm publishing it right now *the crow says: yeahhhhh* 16:43 other than that I'll keep my hunting to get something from cve-list 16:43 it's back to you ratliff 16:44 [TOPIC] Highlighted packages 16:44 The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. 16:44 See http://people.canonical.com/~ubuntu-security/d2u/ for available merges and https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details on preparing Ubuntu security updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:44 [TOPIC] Miscellaneous and Questions 16:44 Does anyone have any other questions or items to discuss? 16:44 Thanks for the mention. :) 16:45 thanks for the debdiffs! 16:46 mdeslaur, sbeattie, jjohansen, sarnold, chrisccoulson, leosilva: Thanks! 16:46 #endmeeting