== Meeting information == * #ubuntu-meeting Meeting, 14 Aug at 16:30 — 16:50 UTC * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-08-14-16.30.log.html]] == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting === Announcements === The discussion about "Announcements" started at 16:30. === Weekly stand-up report === The discussion about "Weekly stand-up report" started at 16:30. === Highlighted packages === The discussion about "Highlighted packages" started at 16:46. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/jython.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/libcsoap.html === Miscellaneous and Questions === The discussion about "Miscellaneous and Questions" started at 16:46. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/webfs.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/prewikka.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/slim.html == Vote results == == Done items == * (none) == People present (lines said) == * tyhicks (34) * jdstrand (10) * ratliff (8) * sbeattie (6) * mdeslaur (6) * tsimonq2 (6) * leosilva (5) * chrisccoulson (4) * jjohansen (4) * sarnold (3) * meetingology (3) * meetingology` (2) * ubottu (2) == Full Log == 16:30 #startmeeting 16:30 Meeting started Mon Aug 14 16:30:24 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:30 16:30 Available commands: action commands idea info link nick 16:30 Meeting started Mon Aug 14 16:30:24 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:30 Available commands: action commands idea info link nick 16:30 The meeting agenda can be found at: 16:30 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:30 [TOPIC] Announcements 16:30 Simon Quigley (tsimonq2) provided debdiffs for trusty-zesty for vlc (LP: #1709420) 16:30 Launchpad bug 1709420 in vlc (Ubuntu) "[CVE] flac: Fix heap write overflow on frame format change" [Medium,Fix released] https://launchpad.net/bugs/1709420 16:30 Simon Quigley (tsimonq2) provided debdiffs for trusty-zesty for menu-cache (LP: #1703564) 16:30 Launchpad bug 1703564 in menu-cache (Ubuntu Zesty) "[CVE] Socket may be blocked by another user" [Medium,Fix released] https://launchpad.net/bugs/1703564 16:30 Thank you for your assistance in keeping Ubuntu users secure! :) 16:30 [TOPIC] Weekly stand-up report 16:30 jdstrand: you're up 16:31 :D 16:31 Last week's work is now being captured in the https://wiki.ubuntu.com/SecurityTeam/WeeklyReports so I'll typically not report on that here any more. 16:31 This week I plan to focus on: 16:31 - finishing my part of the wayland work. This is close to done and the wayland interface is already committed to master, but I'd like to add a spread test, finish my sway investigation, incorporate some snappy xdg-open changes and verify the new wayland-cursor in artful 16:31 - finish desktop and accessibility PRs (respond to feedback, finalize services to expose, etc) 16:31 - when investigating wayland-cursor for snapd, update apparmor to fix evince crash on startup in 17.10 16:31 - be responsive to snappy PRs (in particular, Solus distro support, 'Using udev tagging for snap interfaces' and related refactoring PRs, portals PR if it comes in, layouts PRs, race-free profile generation next steps, dbus session services, etc) 16:31 - add an execstack check (with advice on how to fix) to the review tools (this has come up 3 times in the last month) 16:31 - try to push forward the open questions regarding snappy users/groups (including privilege dropping) with nie meyer as have time 16:31 - add systemd-notify interface as have time (request from Chipaca) 16:31 that's it from me. mdeslaur, you're up 16:31 I'm on bug triage this week 16:31 and I'm currently working on postgresql updates 16:32 I have a couple of updates in the ppa that I've been putting off testing for a while, I should probably get to them 16:32 after that, I'll go down the list, as usual 16:32 that's about it 16:32 sbeattie: you're up 16:34 I'll hop in and we'll come back to sbeattie 16:35 now that the seccomp kernel patches look like they're on the path to landing, I will finish my libseccomp patch set and submit the PR 16:35 still need to get to review pam_fscrypt 16:36 upload fscrypt to the archive once the 32 bit architecture FTBFS issue is sorted out upstream 16:36 that's probably all I'm goign to get to this week as I have a short week (off Thurs and Fri) 16:36 jjohansen: you're up 16:37 * sbeattie can jump in 16:37 go ahea 16:37 I'm on cve triage this week 16:38 I'll likely have an openjdk-7 update from td aitx to test and publish 16:38 I'll pick up more updates from the list 16:38 I also have some backlogged apparmor and qrt stuff to look at. 16:39 that's it for me. 16:39 jjohansen: go ahead if you're around 16:39 I am working on upstreaming apparmor, I have a few more minor patches/cleanups to finish before sending out the next pull request 16:39 and then I need to get back to finishing up the typesplitting work 16:40 I suppose I also need to finish booking my travel for the ralley and uh need to give some feedback to Casey on the LSM stacking patches 16:40 that is it for me sarnold you're up 16:41 I'm in the happy place this week; I'll be reviewing apparmor patches if john wants it, working on MIRs (pcp at the moment), and booking travel 16:41 that's it for me, ratliff? 16:41 I'm here 16:41 go ahead chrisccoulson 16:42 Short week for me - I'm off on holiday at the end of the week. I need to get Firefox 55.0.1 published (later today), and then I'll be spending time on the rust 1.19 updates 16:42 although it looks like I'll be doing another firefox update 16:42 that's me done 16:43 I'm in the happy place this week 16:44 I made good progress on kpis last week. I have a few more charts to create with the data that we already have on hand. 16:44 Then I need to document everything and check the scripts into UCT. After that, we need a couple more kpis but will be blocked awaiting access to data. 16:45 so kpis will be my main focus again this week 16:45 leosilva: you are up 16:45 This week I'm community 16:45 I want to finish libgd2 *stucking in tests on zesty* 16:46 Also want to pick more pkgs to up in the list. 16:46 that is for me. 16:46 tyhicks: it's up to you 16:46 thanks 16:46 [TOPIC] Highlighted packages 16:46 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:46 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:46 http://people.canonical.com/~ubuntu-security/cve/pkg/jython.html 16:46 http://people.canonical.com/~ubuntu-security/cve/pkg/libcsoap.html 16:46 [TOPIC] Miscellaneous and Questions 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/webfs.html 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/prewikka.html 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/slim.html 16:47 Does anyone have any other questions or items to discuss? 16:47 * tsimonq2 smiles 16:47 tsimonq2: hey - you've got something to discuss? 16:48 tyhicks: Nope, I just really enjoy the previous meeting item :P 16:48 * tsimonq2 hides 16:49 the highlighted packages part? that list is randomly generated without much thought put into it 16:49 involved contributors have a better idea of updates that would be useful 16:49 Thanks for noting that :) 16:50 tyhicks: probably more the part where we thanked him for contributing :-) 16:50 thanks again tsimonq2 :-) 16:50 yes, thank you! :) 16:50 \o/ 16:50 You're welcome :) 16:50 jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks! 16:50 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)