#ubuntu-meeting log

16:37 <tyhicks> #startmeeting
16:37 <meetingology> Meeting started Mon Dec 12 16:37:43 2016 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:37 <meetingology> 
16:37 <meetingology> Available commands: action commands idea info link nick
16:37 <tyhicks> The meeting agenda can be found at:
16:37 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:37 <tyhicks> [TOPIC] Announcements
16:37 <tyhicks> Brian Morton provided debdiffs for precise-trusty for proftpd-dfsg (LP: #1462311)
16:37 <ubottu> Launchpad bug 1462311 in Proftpd Dfsg "proftpd mod_copy issue (CVE-2015-3306)" [Critical,Fix released] https://launchpad.net/bugs/1462311
16:37 <tyhicks> Otto Kekäläinen (otto) provided debdiffs for yakkety-xenial for mariadb-10.0 (LP: #1638125)
16:37 <ubottu> Launchpad bug 1638125 in mariadb-10.0 (Ubuntu Zesty) "USN-3109-1: MySQL vulnerabilities partially applies to MariaDB too" [High,Fix committed] https://launchpad.net/bugs/1638125
16:38 <tyhicks> Otto Kekäläinen (otto) provided debdiffs for trusty for mariadb-5.5 (LP: #1638125)
16:38 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:38 <tyhicks> [TOPIC] Weekly stand-up report
16:38 <tyhicks> mdeslaur: go ahead (we'll circle back to Jamie since he's in the middle of another conversation)
16:38 <mdeslaur> I'm on triage
16:39 <mdeslaur> but i'm only here today, I'm off for the holidays starting tomorrow
16:39 <tyhicks> ratliff will take over triage after today
16:39 <tyhicks> cve triage, that is
16:39 <mdeslaur> I'm currently working on embargoed issues
16:39 <mdeslaur> that's it from me
16:39 <tyhicks> sbeattie: you're up
16:39 <sbeattie> I'm in the happy place this week
16:39 <sbeattie> it's a short week for me, I'm off thursday and friday
16:41 <sbeattie> I'll try to pick up an update this week, possibly one or more of the embargoed issue mdeslaur is working on
16:41 <sbeattie> I have some apparmor work to do to get the release out
16:41 <tyhicks> do you plan on getting the release out before you go on vacation?
16:41 <sbeattie> I also have some misc kernel triage/tasks to look after.
16:42 <sbeattie> tyhicks: I'll be back next week (for another short week)
16:42 <tyhicks> oh
16:42 <tyhicks> ok
16:42 <sbeattie> but yes, planning to get the release out before the holidays
16:42 <sbeattie> anyway, that'll likely consume my week.
16:42 <sbeattie> tyhicks: on to you
16:43 <tyhicks> I'm going to be taking over bug triage this week
16:44 <tyhicks> I'm going to be verifying the trusty dbus and apparmor SRUs (LP: #1641243)
16:44 <ubottu> Launchpad bug 1641243 in apparmor (Ubuntu Trusty) "Provide full AppArmor confinement for snaps on 14.04" [High,Fix committed] https://launchpad.net/bugs/1641243
16:44 <tyhicks> I hope to finish up the seccomp logging changes - I think I only need to finish adding tests to libseccomp
16:45 <tyhicks> however, the kernel merge window just opened up so the kernel changes aren't likely to land until the next kernel
16:45 <tyhicks> I am going to publish some embargoed issues that mdeslaur and others are working on
16:45 <tyhicks> I have some sprint prep to do
16:46 <tyhicks> and I still have a number of ecryptfs issues on my plate (haven't been able to work on them at all)
16:46 <tyhicks> that's it for me
16:46 <tyhicks> I don't see jj
16:46 <tyhicks> sarnold_: go ahead
16:46 <sarnold_> I'm on community this week
16:47 <sarnold_> I seem to recall seeing some sponsored updates from last week, and I'm not sure what state my schroots or vms are in, so it' spossible much of this week will be yak shaving to do the updates
16:47 <sarnold_> with what time is left I'll head on to swift-s3-something-mumble MIR
16:48 <tyhicks> I got through all of the sponsorings (d2u and debdiff) last week
16:48 <sarnold_> libav too?
16:48 <sarnold_> or was that ffmpeg?
16:48 <tyhicks> didn't see that one, so I guess I didn't get through them all
16:48 <ratliff> ffmpeg
16:49 <sarnold_> that's me done, jjohansen?
16:49 <jjohansen> yep
16:50 <jjohansen> Its a short week for me again, I friday off
16:50 <jjohansen> I am following up with a couple of bugs that got fixed last week
16:50 <jjohansen> I still need to look into the mount issue, that jdstrand encountered
16:51 <jjohansen> and I need to work on gsettings
16:51 <tyhicks> by following up, you mean SRU verification?
16:52 <jjohansen> tyhicks: well, bugging people to ensure the patches worked for them, and sending them up to the kt
16:52 <tyhicks> jjohansen: ^
16:52 <tyhicks> ah
16:52 <tyhicks> thanks
16:53 <jjohansen> thats it for /me back to you tyhicks
16:54 <tyhicks> ratliff: you're up
16:54 <ratliff> I'm on bug triage today, CVE triage after today.
16:55 <ratliff> I have some reviews pending to complete and I need to prepare the zesty ghostscript debdiff.
16:55 <ratliff> back to you tyhicks
16:56 <tyhicks> jdstrand: go ahead
16:56 <jdstrand> finialize dbus PR
16:56 <jdstrand> finalize network-namespace-control PR
16:56 <jdstrand> various PR reviews
16:56 <jdstrand> various snappy personal reviews/design discussions
16:56 <jdstrand> start working on seccomp arg filtering
16:56 <jdstrand> last week I actually got to work on a few things, so I think dbus and network-namespace PRs may land soon
16:57 <jdstrand> that's it from me
16:57 <tyhicks> thanks jdstrand
16:58 <tyhicks> [TOPIC] Highlighted packages
16:58 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:58 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/node-uuid.html
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/node-qs.html
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/transifex-client.html
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/blender.html
16:58 <tyhicks> [TOPIC] Miscellaneous and Questions
16:58 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/pdns.html
16:58 <tyhicks> Does anyone have any other questions or items to discuss?
16:59 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ratliff: Thanks!
16:59 <tyhicks> #endmeeting