16:36 <tyhicks> #startmeeting
16:36 <meetingology> Meeting started Mon Jun 12 16:36:38 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:36 <meetingology> 
16:36 <meetingology> Available commands: action commands idea info link nick
16:36 <tyhicks> The meeting agenda can be found at:
16:36 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:36 <tyhicks> [TOPIC] Announcements
16:36 <tyhicks> Balint Reczey (rbalint) provided debdiffs for xenial-zesty for kodi (LP: #1694249)
16:36 <ubottu> Launchpad bug 1694249 in kodi (Ubuntu) "CVE-2017-8314: malicious subtitle zip files vulnerability" [Undecided,Fix released] https://launchpad.net/bugs/1694249
16:37 <tyhicks> Balint Reczey (rbalint) provided debdiffs for trusty-zesty for wireshark (LP: #1397091)
16:37 <ubottu> Launchpad bug 1397091 in wireshark (Ubuntu) "[Security] Update Wireshark in Precise, Trusty, and Utopic to include relevant security patches." [High,Confirmed] https://launchpad.net/bugs/1397091
16:37 <tyhicks> Gianfranco Costamagna (LocutusOfBorg) provided debdiffs for trusty-zesty for ettercap (LP: #1695722)
16:37 <ubottu> Launchpad bug 1695722 in ettercap (Ubuntu) "ettercap security vulnerabilities" [Undecided,Fix released] https://launchpad.net/bugs/1695722
16:37 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:37 <tyhicks> The Ubuntu Security Team is excited to announce that leosilva has joined the team!
16:37 <jdstrand> welcome leosilva! :)
16:37 <leosilva> o/ Hello there!
16:37 <sbeattie> woot! welcome leosilva!
16:38 <ratliff> :-) welcome!
16:38 <tyhicks> leosilva: we've very happy to have you :)
16:38 <tyhicks> [TOPIC] Weekly stand-up report
16:38 <mdeslaur> \o
16:38 <tyhicks> jdstrand: you're up
16:38 <leosilva> tks ppl, hope to keep the high standars on our team :)
16:39 <jdstrand> I was out last Monday so giving two weeks status. I worked with the snappy team quite a bit on:
16:39 <jdstrand> - 2.25 revert issues surrounding racy profile generation
16:39 <jdstrand> - workarounds for gadget snap not influencing interface auto-connections
16:39 <jdstrand> - various snappy PR reviews
16:39 <jdstrand> I also worked on:
16:39 <jdstrand> - lots of store reviews and forum requests for store actions
16:39 <jdstrand> - greengrass-support interface (lots of investigations, apparmor namespaces/stacking documentation, various upstream apparmor discussions/bug reports, implement the interface
16:39 <jdstrand> - updating click-apparmor and apparmor-easyprof-ubuntu projects to reflect new support status (ie, same as unity8). sync with others
16:39 <jdstrand> - planning security team's snappy work for this cycle with ratliff and tyhicks
16:40 <jdstrand> This week I plan to work on
16:40 <jdstrand> - various PR reviews for fixing racy profile generation (at least bpf caching
16:40 <jdstrand> and system-key PRs)
16:40 <jdstrand> - respond to greengrass-support feedback and/or iterate on the policy if receive functional devmode snap
16:40 <jdstrand> - password-manager-service PR
16:40 <jdstrand> - file various overlay/apparmor bugs as a result of my investigation
16:40 <jdstrand> As have time:
16:40 <jdstrand> - finish snappy-debug changes for journald/lack of syslog
16:40 <jdstrand> - miscellaneous policy updates
16:40 <jdstrand> that's it from me
16:40 <mdeslaur> guess it's my turn
16:40 <jdstrand> ah yes
16:40 <mdeslaur> I'm on community this week
16:40 <jdstrand> mdeslaur: you're up :)
16:41 <mdeslaur> I just published some irssi updates
16:41 <mdeslaur> and am working on gnutls and libiberty updates
16:41 <mdeslaur> If I have time, I'll pick something else off the list
16:41 <mdeslaur> that's about it.
16:41 <mdeslaur> sbeattie: you're up
16:41 <sbeattie> I'm on bug triage this week
16:42 <sbeattie> I have an embargoed issue
16:42 <sbeattie> I need to pick back up the sudo update I was also working on
16:43 <sbeattie> I have some UCT tracking stuff to do, with the kernel team adding a few new kernels.
16:43 <sbeattie> That's probably it for me.
16:43 <sbeattie> tyhicks: over to you
16:43 <tyhicks> I'm on cve triage this week
16:44 <tyhicks> I've got two remaining ecryptfs patches to review (1 kernel, 1 userspace)
16:44 <tyhicks> then I expect to make some progress on fscrypto evaluation for home dir encryption
16:44 <tyhicks> I also want to sync up with kees and finalize one last design detail for the seccomp logging changes
16:45 <tyhicks> that's it for me
16:45 <tyhicks> jjohansen: you're up
16:45 <jjohansen> I need to catch up on upstream review, Casey has posted a new revision of his stacking patches, their is the review for Tetsuo I need to do as well
16:46 <jjohansen> I need to poke at some bugs that I left to languish that last couple of weeks 1696552, 1696552, 1696547, 1696544, 1676565, ...
16:46 <jjohansen> There might be a few more LSS duties to do. And I need to register, and book travel
16:46 <jjohansen> I need to do some updating of Fate and on suse to support the snappy request
16:46 <jjohansen> And maybe, just maybe get back to the next round of patches for upstream
16:47 <jjohansen> I think that is it for me sarnold you back yet?
16:48 <jjohansen> I guess not tyhicks back to you
16:48 <tyhicks> chrisccoulson: go ahea
16:49 <tyhicks> ahead
16:49 <chrisccoulson> heh
16:49 <chrisccoulson> I've got a firefox update to publish (and test again as well, as it was respun at the end of last week)
16:49 <chrisccoulson> Hopefully Chromium as well - the build I tested last week has a couple of serious bugs, so hoping for a new one this week
16:50 <chrisccoulson> Other than that, a couple of embargoed issues
16:50 <chrisccoulson> that's me done
16:50 <ratliff> sarnold: are you back? if so, you go next
16:51 <sarnold> I'm back, drink in hand! :)
16:51 <sarnold> I'm in the happy place this week; finishing off xdelta3 mir today, I figured I'd re-start gdm3 mir this afternoon
16:51 <sarnold> and apparmor patch reviews if those would be useful to jj
16:51 <sarnold> that's it for me, ratliff?
16:52 <ratliff> I'm in the happy place this week.
16:52 <ratliff> my internally focused work is tapering off for the moment
16:52 <ratliff> that should give me some time to work on Ubuntu Core 15 updates and reports
16:52 <ratliff> that's it for me
16:53 <ratliff> back to you, tyhicks
16:53 <tyhicks> thanks
16:53 <tyhicks> [TOPIC] Highlighted packages
16:53 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:53 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/transifex-client.html
16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/node-moment.html
16:53 <tyhicks> [TOPIC] Miscellaneous and Questions
16:53 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/insighttoolkit4.html
16:54 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/gradle.html
16:54 <tyhicks> http://people.canonical.com/~ubuntu-security/cve/pkg/node-qs.html
16:54 <tyhicks> Does anyone have any other questions or items to discuss?
16:54 <tyhicks> leosilva: starting next week, you'd mention what you're working on after ratliff states her work
16:55 <leosilva> ok!
16:55 <tyhicks> we all know that you'll be busy setting up your work machine and the proper build/test environment this week :)
16:56 <sarnold> and fixing the documentation as you go :D
16:56 <leosilva> tyhicks: yep, but feel free to send me anything I should to read , pleaseeeee
16:56 <tyhicks> will do!
16:57 <tyhicks> leosilva: don't hesitate to ask for help if you hit problems in the documentation (as sarnold alluded to)
16:57 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks!
16:57 <ratliff> thank you, tyhicks!
16:57 <tyhicks> #endmeeting