16:31 #startmeeting 16:31 Meeting started Mon Mar 6 16:31:39 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:31 16:31 Available commands: action commands idea info link nick 16:31 The meeting agenda can be found at: 16:31 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:31 [TOPIC] Announcements 16:31 Jeremy Bicha (jbicha) provided debdiffs for xenial-yakkety for iio-sensor-proxy (LP: #1666358) 16:32 Launchpad bug 1666358 in iio-sensor-proxy (Ubuntu Yakkety) "iio-sensor-proxy: Insecure configuration of dbus service" [High,Fix released] https://launchpad.net/bugs/1666358 16:32 Vishnu Naini (visred) provided debdiffs for xenial-yakkety for kde4libs and kio (LP: #1668871) 16:32 Launchpad bug 1668871 in kde4libs (Ubuntu Trusty) "kio: Information Leak when accessing https when using a malicious PAC file" [Undecided,New] https://launchpad.net/bugs/1668871 16:32 Thank you for your assistance in keeping Ubuntu users secure! :) 16:32 [TOPIC] Weekly stand-up report 16:32 jdstrand: you're up 16:35 * mdeslaur poked jdstrand with sharp stick 16:35 meh, I'll go 16:35 I'm in the happy place this week 16:35 thanks 16:35 I'm currently working on an embargoed issue 16:36 and I have imagemagick updates to test and release 16:36 if I have time left over, I need to do the gigantic apache2 backport 16:36 that's about it 16:36 sbeattie: tag 16:36 I'm on community this week 16:37 I have one embargoed issue partially on my plate and may have a second, pending discussion 16:37 sorry, hard crash due to intel driver issue 16:37 jdstrand: bummer - you can go next after Steve 16:37 I'm also working on glibc updates 16:38 after that I'll look at the list of updates needed 16:38 that's pretty much it for me. jdstrand? 16:38 short week (off thursday, back friday, off next week) 16:38 last week I did a bunch of reviews, did some simple policy updates and continued on netlink mediation as part of seccomp arg filtering (phase 1 PR is up for review). Note that all seccomp arg filtering branches are blocked on a PR for something called snap-confine reexec. I'm just allowing them to queue up and following up with the snappy team on that PR 16:38 This week I plan to: 16:38 review tools updates for recent issues 16:38 PR and store reviews 16:38 more policy updates, especially surrounding mir on dragonboard (some issues were reported on this that I need to look into) 16:38 continue with seccomp arg filtering (eg, continue 'users and groups' PR and phase 2 netlink mediation) as have time 16:38 that's it for me 16:40 I'm on bug triage this week 16:41 Jamie and I (mostly Jamie) came up with a good design for a technical blocker of the seccomp patches 16:41 I need to propose that to upstream and start working on a new patch to implement the feature 16:41 I still have a design review to do 16:41 and I have 1-2 embargoed issues 16:41 that's it for me 16:41 jjohansen: you're up 16:43 he may not be around 16:43 sarnold: go ahead 16:43 I'm on cve triage this week 16:43 I'd very much like to finish up the shadow usn and lasso mir 16:44 and probably some patch reviwes 16:44 that's it for me, chrisccoulson? 16:44 I've got a firefox update to do this week 16:45 I also need to get thunderbird ready 16:45 I made a start revewing one of the big oxide merge proposals last week, and I need to finish that 16:46 Also, I need to get cargo bootstrapped everywhere, but that's slightly more difficult than I anticipated 16:46 other than that, I'll be working on oxide stuff as usual 16:46 that's me done 16:47 I'm in the happy place this week 16:47 I'll be looking at the notification task some more 16:47 I have a variety of internal tasks (sizings, etc) to do 16:48 If I have additional time, I'll continue working on updates for vivid based core and touch 16:48 back to you tyhicks 16:48 thanks! 16:48 [TOPIC] Highlighted packages 16:48 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:48 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:48 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:49 oops 16:49 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:49 wut 16:49 http://people.canonical.com/~ubuntu-security/cve/pkg/midgard2-core.html 16:49 http://people.canonical.com/~ubuntu-security/cve/pkg/libquicktime.html 16:49 http://people.canonical.com/~ubuntu-security/cve/pkg/steam.html 16:49 http://people.canonical.com/~ubuntu-security/cve/pkg/gpw.html 16:49 http://people.canonical.com/~ubuntu-security/cve/pkg/revelation.html 16:49 [TOPIC] Miscellaneous and Questions 16:49 Does anyone have any other questions or items to discuss? 16:51 jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff: Thanks! 16:51 #endmeeting