16:29 <tyhicks> #startmeeting
16:29 <meetingology> Meeting started Mon Apr  3 16:29:57 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:29 <meetingology> 
16:29 <meetingology> Available commands: action commands idea info link nick
16:30 <tyhicks> The meeting agenda can be found at:
16:30 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:30 <tyhicks> [TOPIC] Announcements
16:30 <tyhicks> Jeremy Bicha (jbicha) provided debdiffs for xenial and yakkety for epiphany-browser (LP: #1661805)
16:30 <mdeslaur> \o
16:30 <ubottu> Launchpad bug 1661805 in epiphany-browser (Ubuntu Yakkety) "Saved passwords for HTTPS sites can be accessed by HTTP sites" [High,Fix released] https://launchpad.net/bugs/1661805
16:30 <tyhicks> Vishnu Naini (visred) provided the debdiff for xenial for ktnef (LP: #1668552)
16:30 <ubottu> Launchpad bug 1668552 in kdepim (Ubuntu Trusty) "KDE Project Security Advisory: ktnef: Directory Traversal" [Undecided,Incomplete] https://launchpad.net/bugs/1668552
16:30 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:30 <tyhicks> [TOPIC] Weekly stand-up report
16:30 <tyhicks> jdstrand: you're up
16:31 <jdstrand> hey
16:31 <jdstrand> - short week for me
16:31 <jdstrand> - I went through all the store reviews (which lead to unplanned store work) and almost all of the snappy PR reviews last week
16:31 <jdstrand> - this week I need to followup on those and get to the console interface PR, which will require quite a bit of investigation
16:31 <jdstrand> - kubernetes interface is blocked until I get a response from the reporter, so I plan to respond to feedback to my recent unity7 update PR and have one other profiling fix
16:31 <jdstrand> mdeslaur: you're up
16:31 <mdeslaur> I'm on community this week
16:31 <mdeslaur> I'm about to release some nagios3 packages
16:31 <mdeslaur> and I have an embargoed issue
16:31 <mdeslaur> after that, I'll be working on the next round of qemu updates
16:31 <mdeslaur> that's it, sbeattie?
16:32 <sbeattie> I'm on bug triage this week
16:32 <sbeattie> I have an embargoed issue
16:32 <sbeattie> I was off most of last week, so catching up on email/discussions etc.
16:33 <sbeattie> I'll try to pick up another update this week
16:33 <sbeattie> There's also some apparmor and qa-r-t issues I need to poke at.
16:33 <sbeattie> That's probably it for me. tyhicks?
16:34 <tyhicks> sbeattie: are those apparmor/QRT issues new failures?
16:35 <sbeattie> the QRT stuff is semi-new, I'd been letting them slide for a bit.
16:35 <sbeattie> apparmor stuff is commenting on some of the mailing list stuff
16:35 <tyhicks> sbeattie: if it is a new failure (new as of last week) in a test that sets the profile disable symlink, talk to me because I broke that test and forgot to push the fix for a few days
16:35 <tyhicks> ok
16:36 <tyhicks> I'm on cve triage this week
16:36 <tyhicks> I have an embargoed issue
16:36 <tyhicks> I am prepping for 12.04 ESM
16:37 <tyhicks> hope to have seccomp patches to send back upstream this week
16:37 <tyhicks> someone has been extremely active in upstream ecryptfs bug triage and has even prepared a few merge requests - I really need to spend some time on that this week as well
16:38 <tyhicks> that's it for me
16:38 <tyhicks> jjohansen: you're up
16:38 <jjohansen> I have some catching up to do from being off last week
16:39 <jjohansen> and then I need to finish up with the mess from the apparmor patch reverts. The kt has pulled most of the patches back in for the next SRU cycle but I have 5 patches to go through
16:40 <jjohansen> valid, or fix and in the case of one make sure the snappy collision has worked its way out before I resubmit it
16:41 <jjohansen> I need to take stock of the dconf/gsettings patches
16:41 <jjohansen> which I managed to completely avoid last week
16:41 <jjohansen> I have upstreaming work todo
16:41 <tyhicks> trying to slip in another upstream pull request for 4.12 is a higher prio than dconf/gsettings since it is slipping to z+1
16:42 <jjohansen> ack
16:43 <jjohansen> and discuss with tyhicks potential solutions to the dominance x rule issue we have in zesty
16:43 <jjohansen> that is it for me, sarnold you are up
16:43 <sarnold> i'm in the happy place this week
16:44 <sarnold> finishing the shadow update and the lasso mir
16:44 <sarnold> istr an outstanding patch or two from apparmor left over from last week that I may get to unless someone beats me
16:44 <sarnold> then walking down the mir list
16:44 <sarnold> that's it for me, no chris coulson on tab complete?
16:45 <ratliff> he's on holiday
16:45 <sarnold> so perhaps on to ratliff?
16:45 <sarnold> good for him :)
16:45 <ratliff> I'm in the happy place this week.
16:45 <ratliff> I have a number of internal tasks to complete as my first priority.
16:45 <ratliff> Then I will investigate adding an option to query by CRD date to ubuntu-table.
16:46 <ratliff> I should have time to do at least one update for vivid based touch/core - that is my goal.
16:46 <ratliff> back to you, tyhicks
16:46 <tyhicks> thanks
16:46 <tyhicks> [TOPIC] Highlighted packages
16:47 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:47 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/linkchecker.html
16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/pywbem.html
16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/inspircd.html
16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/t-coffee.html
16:47 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/runc.html
16:47 <tyhicks> [TOPIC] Miscellaneous and Questions
16:47 <tyhicks> Does anyone have any other questions or items to discuss?
16:50 <tyhicks> hmm... I think those runc CVEs are possibly already fixed
16:50 <tyhicks> I'll check later
16:50 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ratliff: Thanks!
16:50 <tyhicks> #endmeeting