== Meeting information == * #ubuntu-meeting Meeting, 12 Jun at 16:36 — 16:57 UTC * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-06-12-16.36.log.html]] == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting === Announcements === The discussion about "Announcements" started at 16:36. === Weekly stand-up report === The discussion about "Weekly stand-up report" started at 16:38. === Highlighted packages === The discussion about "Highlighted packages" started at 16:53. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/transifex-client.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/node-moment.html === Miscellaneous and Questions === The discussion about "Miscellaneous and Questions" started at 16:53. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/insighttoolkit4.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/gradle.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/node-qs.html == Vote results == == Done items == * (none) == People present (lines said) == * tyhicks (37) * jdstrand (22) * mdeslaur (8) * ratliff (8) * sbeattie (7) * jjohansen (7) * sarnold (5) * chrisccoulson (5) * leosilva (4) * ubottu (3) * meetingology (3) == Full Log == 16:36 #startmeeting 16:36 Meeting started Mon Jun 12 16:36:38 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:36 16:36 Available commands: action commands idea info link nick 16:36 The meeting agenda can be found at: 16:36 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:36 [TOPIC] Announcements 16:36 Balint Reczey (rbalint) provided debdiffs for xenial-zesty for kodi (LP: #1694249) 16:36 Launchpad bug 1694249 in kodi (Ubuntu) "CVE-2017-8314: malicious subtitle zip files vulnerability" [Undecided,Fix released] https://launchpad.net/bugs/1694249 16:37 Balint Reczey (rbalint) provided debdiffs for trusty-zesty for wireshark (LP: #1397091) 16:37 Launchpad bug 1397091 in wireshark (Ubuntu) "[Security] Update Wireshark in Precise, Trusty, and Utopic to include relevant security patches." [High,Confirmed] https://launchpad.net/bugs/1397091 16:37 Gianfranco Costamagna (LocutusOfBorg) provided debdiffs for trusty-zesty for ettercap (LP: #1695722) 16:37 Launchpad bug 1695722 in ettercap (Ubuntu) "ettercap security vulnerabilities" [Undecided,Fix released] https://launchpad.net/bugs/1695722 16:37 Thank you for your assistance in keeping Ubuntu users secure! :) 16:37 The Ubuntu Security Team is excited to announce that leosilva has joined the team! 16:37 welcome leosilva! :) 16:37 o/ Hello there! 16:37 woot! welcome leosilva! 16:38 :-) welcome! 16:38 leosilva: we've very happy to have you :) 16:38 [TOPIC] Weekly stand-up report 16:38 \o 16:38 jdstrand: you're up 16:38 tks ppl, hope to keep the high standars on our team :) 16:39 I was out last Monday so giving two weeks status. I worked with the snappy team quite a bit on: 16:39 - 2.25 revert issues surrounding racy profile generation 16:39 - workarounds for gadget snap not influencing interface auto-connections 16:39 - various snappy PR reviews 16:39 I also worked on: 16:39 - lots of store reviews and forum requests for store actions 16:39 - greengrass-support interface (lots of investigations, apparmor namespaces/stacking documentation, various upstream apparmor discussions/bug reports, implement the interface 16:39 - updating click-apparmor and apparmor-easyprof-ubuntu projects to reflect new support status (ie, same as unity8). sync with others 16:39 - planning security team's snappy work for this cycle with ratliff and tyhicks 16:40 This week I plan to work on 16:40 - various PR reviews for fixing racy profile generation (at least bpf caching 16:40 and system-key PRs) 16:40 - respond to greengrass-support feedback and/or iterate on the policy if receive functional devmode snap 16:40 - password-manager-service PR 16:40 - file various overlay/apparmor bugs as a result of my investigation 16:40 As have time: 16:40 - finish snappy-debug changes for journald/lack of syslog 16:40 - miscellaneous policy updates 16:40 that's it from me 16:40 guess it's my turn 16:40 ah yes 16:40 I'm on community this week 16:40 mdeslaur: you're up :) 16:41 I just published some irssi updates 16:41 and am working on gnutls and libiberty updates 16:41 If I have time, I'll pick something else off the list 16:41 that's about it. 16:41 sbeattie: you're up 16:41 I'm on bug triage this week 16:42 I have an embargoed issue 16:42 I need to pick back up the sudo update I was also working on 16:43 I have some UCT tracking stuff to do, with the kernel team adding a few new kernels. 16:43 That's probably it for me. 16:43 tyhicks: over to you 16:43 I'm on cve triage this week 16:44 I've got two remaining ecryptfs patches to review (1 kernel, 1 userspace) 16:44 then I expect to make some progress on fscrypto evaluation for home dir encryption 16:44 I also want to sync up with kees and finalize one last design detail for the seccomp logging changes 16:45 that's it for me 16:45 jjohansen: you're up 16:45 I need to catch up on upstream review, Casey has posted a new revision of his stacking patches, their is the review for Tetsuo I need to do as well 16:46 I need to poke at some bugs that I left to languish that last couple of weeks 1696552, 1696552, 1696547, 1696544, 1676565, ... 16:46 There might be a few more LSS duties to do. And I need to register, and book travel 16:46 I need to do some updating of Fate and on suse to support the snappy request 16:46 And maybe, just maybe get back to the next round of patches for upstream 16:47 I think that is it for me sarnold you back yet? 16:48 I guess not tyhicks back to you 16:48 chrisccoulson: go ahea 16:49 ahead 16:49 heh 16:49 I've got a firefox update to publish (and test again as well, as it was respun at the end of last week) 16:49 Hopefully Chromium as well - the build I tested last week has a couple of serious bugs, so hoping for a new one this week 16:50 Other than that, a couple of embargoed issues 16:50 that's me done 16:50 sarnold: are you back? if so, you go next 16:51 I'm back, drink in hand! :) 16:51 I'm in the happy place this week; finishing off xdelta3 mir today, I figured I'd re-start gdm3 mir this afternoon 16:51 and apparmor patch reviews if those would be useful to jj 16:51 that's it for me, ratliff? 16:52 I'm in the happy place this week. 16:52 my internally focused work is tapering off for the moment 16:52 that should give me some time to work on Ubuntu Core 15 updates and reports 16:52 that's it for me 16:53 back to you, tyhicks 16:53 thanks 16:53 [TOPIC] Highlighted packages 16:53 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:53 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/transifex-client.html 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/node-moment.html 16:53 [TOPIC] Miscellaneous and Questions 16:53 http://people.canonical.com/~ubuntu-security/cve/pkg/insighttoolkit4.html 16:54 http://people.canonical.com/~ubuntu-security/cve/pkg/gradle.html 16:54 http://people.canonical.com/~ubuntu-security/cve/pkg/node-qs.html 16:54 Does anyone have any other questions or items to discuss? 16:54 leosilva: starting next week, you'd mention what you're working on after ratliff states her work 16:55 ok! 16:55 we all know that you'll be busy setting up your work machine and the proper build/test environment this week :) 16:56 and fixing the documentation as you go :D 16:56 tyhicks: yep, but feel free to send me anything I should to read , pleaseeeee 16:56 will do! 16:57 leosilva: don't hesitate to ask for help if you hit problems in the documentation (as sarnold alluded to) 16:57 jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks! 16:57 thank you, tyhicks! 16:57 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)