16:29 #startmeeting 16:29 Meeting started Mon Apr 3 16:29:57 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:29 16:29 Available commands: action commands idea info link nick 16:30 The meeting agenda can be found at: 16:30 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:30 [TOPIC] Announcements 16:30 Jeremy Bicha (jbicha) provided debdiffs for xenial and yakkety for epiphany-browser (LP: #1661805) 16:30 \o 16:30 Launchpad bug 1661805 in epiphany-browser (Ubuntu Yakkety) "Saved passwords for HTTPS sites can be accessed by HTTP sites" [High,Fix released] https://launchpad.net/bugs/1661805 16:30 Vishnu Naini (visred) provided the debdiff for xenial for ktnef (LP: #1668552) 16:30 Launchpad bug 1668552 in kdepim (Ubuntu Trusty) "KDE Project Security Advisory: ktnef: Directory Traversal" [Undecided,Incomplete] https://launchpad.net/bugs/1668552 16:30 Thank you for your assistance in keeping Ubuntu users secure! :) 16:30 [TOPIC] Weekly stand-up report 16:30 jdstrand: you're up 16:31 hey 16:31 - short week for me 16:31 - I went through all the store reviews (which lead to unplanned store work) and almost all of the snappy PR reviews last week 16:31 - this week I need to followup on those and get to the console interface PR, which will require quite a bit of investigation 16:31 - kubernetes interface is blocked until I get a response from the reporter, so I plan to respond to feedback to my recent unity7 update PR and have one other profiling fix 16:31 mdeslaur: you're up 16:31 I'm on community this week 16:31 I'm about to release some nagios3 packages 16:31 and I have an embargoed issue 16:31 after that, I'll be working on the next round of qemu updates 16:31 that's it, sbeattie? 16:32 I'm on bug triage this week 16:32 I have an embargoed issue 16:32 I was off most of last week, so catching up on email/discussions etc. 16:33 I'll try to pick up another update this week 16:33 There's also some apparmor and qa-r-t issues I need to poke at. 16:33 That's probably it for me. tyhicks? 16:34 sbeattie: are those apparmor/QRT issues new failures? 16:35 the QRT stuff is semi-new, I'd been letting them slide for a bit. 16:35 apparmor stuff is commenting on some of the mailing list stuff 16:35 sbeattie: if it is a new failure (new as of last week) in a test that sets the profile disable symlink, talk to me because I broke that test and forgot to push the fix for a few days 16:35 ok 16:36 I'm on cve triage this week 16:36 I have an embargoed issue 16:36 I am prepping for 12.04 ESM 16:37 hope to have seccomp patches to send back upstream this week 16:37 someone has been extremely active in upstream ecryptfs bug triage and has even prepared a few merge requests - I really need to spend some time on that this week as well 16:38 that's it for me 16:38 jjohansen: you're up 16:38 I have some catching up to do from being off last week 16:39 and then I need to finish up with the mess from the apparmor patch reverts. The kt has pulled most of the patches back in for the next SRU cycle but I have 5 patches to go through 16:40 valid, or fix and in the case of one make sure the snappy collision has worked its way out before I resubmit it 16:41 I need to take stock of the dconf/gsettings patches 16:41 which I managed to completely avoid last week 16:41 I have upstreaming work todo 16:41 trying to slip in another upstream pull request for 4.12 is a higher prio than dconf/gsettings since it is slipping to z+1 16:42 ack 16:43 and discuss with tyhicks potential solutions to the dominance x rule issue we have in zesty 16:43 that is it for me, sarnold you are up 16:43 i'm in the happy place this week 16:44 finishing the shadow update and the lasso mir 16:44 istr an outstanding patch or two from apparmor left over from last week that I may get to unless someone beats me 16:44 then walking down the mir list 16:44 that's it for me, no chris coulson on tab complete? 16:45 he's on holiday 16:45 so perhaps on to ratliff? 16:45 good for him :) 16:45 I'm in the happy place this week. 16:45 I have a number of internal tasks to complete as my first priority. 16:45 Then I will investigate adding an option to query by CRD date to ubuntu-table. 16:46 I should have time to do at least one update for vivid based touch/core - that is my goal. 16:46 back to you, tyhicks 16:46 thanks 16:46 [TOPIC] Highlighted packages 16:47 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:47 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/linkchecker.html 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/pywbem.html 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/inspircd.html 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/t-coffee.html 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/runc.html 16:47 [TOPIC] Miscellaneous and Questions 16:47 Does anyone have any other questions or items to discuss? 16:50 hmm... I think those runc CVEs are possibly already fixed 16:50 I'll check later 16:50 jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ratliff: Thanks! 16:50 #endmeeting