16:30 <tyhicks> #startmeeting
16:30 <meetingology> Meeting started Mon Jan 23 16:30:14 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:30 <meetingology> 
16:30 <meetingology> Available commands: action commands idea info link nick
16:30 <tyhicks> The meeting agenda can be found at:
16:30 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:30 <tyhicks> [TOPIC] Announcements
16:30 <tyhicks> Ahmed Farag provided notifications for false positive virus identification for files in the archive (pnsnap, ettercap-common, dbacl, and libmail-deliverystatus-bounceparser-perl).
16:30 <tyhicks> Scott Kitterman (ScottK) provided a debdiff for trusty for pdns-recursor (LP: #1656931)
16:30 <ubottu> Launchpad bug 1656931 in pdns-recursor (Ubuntu Trusty) "Security update for pdns-recursor on trusty" [High,Fix released] https://launchpad.net/bugs/1656931
16:30 <tyhicks> Clive Johnston (clivejo) provided a debdiff for xenial for ark (LP: #1655507)
16:30 <ubottu> Launchpad bug 1655507 in ark (Ubuntu Yakkety) "CVE-2017-5330 - Ark: unintended execution of scripts and executable files" [High,Fix released] https://launchpad.net/bugs/1655507
16:30 <mdeslaur> \o
16:30 <tyhicks> Vishnu Vardhan Reddy Naini (visred) provided a debdiff for yakkety for ark (LP: #1655507)
16:30 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:30 <tyhicks> [TOPIC] Weekly stand-up report
16:31 <tyhicks> jdstrand: you're up
16:31 <jdstrand> This week I plan to work on:
16:31 <jdstrand> - various PR reviews (8 new ones since friday)
16:31 <jdstrand> - miscellaneous apparmor policy updates
16:31 <jdstrand> - prepare snap for testing security policy
16:31 <jdstrand> - seccomp arg filtering policy
16:31 <jdstrand> that's it from me. mdeslaur, you're up
16:32 <mdeslaur> I'm on community this week, so I'll be sponsoring a bunch of stuff
16:32 <mdeslaur> I have a short week, I'm off on friday
16:32 <mdeslaur> I plan on publishing a couple of usns this afternoon, and if I have time I'll be picking something from the list
16:32 <mdeslaur> that's it from me, sbeattie, you're up
16:32 <sbeattie> I'm on bug triage this week
16:33 <sbeattie> I'll have openjdk-8 packages from tdaitx to test and publish
16:34 <sbeattie> I need to push some packages to the security pocket that recent linux-raspi2 kernels depend on.
16:34 <sbeattie> after that, I'll be going through the list looking for updates as well
16:34 <sbeattie> that's it for me, tyhicks?
16:34 <tyhicks> I'm on cve triage this week
16:35 <tyhicks> I will finish and submit the second revision of seccomp/libseccomp patches to upstream
16:35 <tyhicks> I am also working on uploading AppArmor 2.11.0 to zesty but have hit some test failures that need to be sorted out first
16:35 <tyhicks> I have an embargoed issue
16:35 <tyhicks> any free time will go towards a security update
16:35 <tyhicks> that's it for me
16:35 <tyhicks> jjohansen: go ahead
16:36 <jjohansen> I will be looking into some outstanding bugs 1658219, and 1656121
16:36 <ubottu> bug 1658219 in AppArmor "flock not mediated by 'k'" [Undecided,New] https://launchpad.net/bugs/1658219
16:36 <jjohansen> and probably a couple more
16:37 <jjohansen> I have a nice stack of patches for the xenial/yakkety kernels that I need to clean up and send up to the kteam
16:38 <jjohansen> I will be doing some work on revising the dconf/gsetting patches and synching with will on them
16:39 <jjohansen> and if I have any time I will be working on the next steps in upstreaming, likely the securityfs modification RFC
16:40 <jjohansen> that's it for me, sarnold? you're up
16:41 <sarnold> I'm in the happy place this week; I expect to finish the uvp-monitor sorta-mir today, I'll file some bugs with upstream project for things I've found so far. I'm having trouble seeing the point of the thing compared to e.g. collectd or other popular tools...
16:41 <sarnold> so tyhicks, another suggestion for the next thing to undertake soon, but not immediately :)
16:42 <sarnold> also I'm losing verbs at an astounding rate. good luck.
16:42 <tyhicks> sarnold: what's the suggestion?
16:42 <sarnold> tyhicks: hehe, the missing bit, "I need another suggestion" :) if it's another MIR or reactive or whatever
16:43 <ratliff> I would vote for libapache2-mod-auth-mellon
16:43 <tyhicks> I think there are some new MIRs that I need to add to the list
16:44 <tyhicks> I bet ratliff's suggestion is the right one to take next
16:44 <sarnold> works for me, thanks :)
16:44 <sarnold> that's it for me, chrisccoulson?
16:44 <chrisccoulson> It's firefox update week this week
16:45 <chrisccoulson> In addition to that, I need to fix some issues in the ubufox extension caused by breaking changes in firefox 53 (removal of the non-standard 'for each' syntax)
16:46 <chrisccoulson> I'll also be spending time trying to get rust backported, but I need to talk to foundations first to agree how to split the work
16:46 <chrisccoulson> Other than that, I'll be working on oxide stuff, particularly work around JS dialogs
16:47 <chrisccoulson> that's me done
16:47 <ratliff> I'm in the happy place this week
16:47 <ratliff> I will spend time working on updates for snappy-prev
16:47 <ratliff> back to you tyhicks
16:48 <tyhicks> thanks!
16:48 <tyhicks> [TOPIC] Highlighted packages
16:48 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so.
16:48 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/pxz.html
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/ckeditor.html
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/radicale.html
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/elog.html
16:48 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gksu.html
16:48 <tyhicks> [TOPIC] Miscellaneous and Questions
16:48 <tyhicks> Does anyone have any other questions or items to discuss?
16:49 <tyhicks> chrisccoulson: I wanted to ask what sort of deadline are we looking at for having rustc available in the archive in old stable releases that don't already include it?
16:52 <chrisccoulson> tyhicks, I'm not entirely sure yet. Mozilla said firefox will depend on it in "early 2017", but that will give us between 12-18 weeks before it reaches stable
16:52 <tyhicks> chrisccoulson: ok, thanks
16:52 <chrisccoulson> So we've still got 3 months, at least
16:52 * tyhicks nods
16:53 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff: Thanks!
16:53 <tyhicks> #endmeeting