16:31 #startmeeting
16:31 Meeting started Mon Nov 27 16:31:45 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:31 Available commands: action commands idea info link nick
16:31 The meeting agenda can be found at:
16:31 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:31 [TOPIC] Announcements
16:32 \o
16:32 Simon Quigley (tsimonq2) provided debdiffs for trusty-artful for konversation (LP: #1731797)
16:32 Launchpad bug 1731797 in Kubuntu PPA "[CVE] Crash in IRC message parsing" [High,In progress] https://launchpad.net/bugs/1731797
16:32 Thank you for your assistance in keeping Ubuntu users secure! :)
16:32 [TOPIC] Weekly stand-up report
16:32 jdstrand: you're up
16:34 mdeslaur: go ahead
16:34 I'm in the happy place this week
16:35 I have three updates I'm about to release, including the remote code execution issue found in exim this weekend
16:35 we have exim compiled with PIE, so I don't think we have code execution
16:35 but updates are ready anyway
16:35 after that, I'll pick something up from the list, if leosilva left me any
16:35 that's about it
16:35 sbeattie: you're up
16:35 hehe
16:35 I'm also in the happy place this week
16:36 My primary focus is on CVE notifications for snap owners
16:36 I have an openjdk-7 update from td daitx to test and publish
16:36 I have some upstream apparmor tasks open
16:37 * jdstrand is here (sorry)
16:37 and I have the usual bits of kernel cve triage to watch over.
16:37 that's probably my week.
16:37 jdstrand: you want to jump in?
16:37 jdstrand: go ahead
16:37 yeah
16:37 This week I am focusing on:
16:37 * email catchup from short week last week
16:37 * fix a review tools/store bug
16:37 * snapd PR reviews
16:37 * pickup the ssh/gpg interfaces PR
16:37 * investigate/implement proper fix for hotplugged devices not being added to device cgroup (mir input forum issue)
16:37 * investigate tun/tap intermittent spread failure as have time
16:37 * add kmod spread test as have time
16:37 * uid/gid privilege dropping as have time
16:37 * everything from ssh/gpg and after might change depending on an embargoed issue I might be asked to help with
16:37 that's it from me. back to you tyhicks :)
16:39 I'm on community this week
16:39 I'll be catching up on email from being off all last week
16:40 I have several things that I need to nudge along this week but shouldn't require any real work on my side (snapd seccomp logging PR, libseccomp xenial SRU, audit SRUs, libseccomp-golang upstream PR)
16:41 I plan to focus on reproducible squashfs images
16:41 there are two more ecryptfs kernel fixes that need to go into a 4.15 -rc release so I'll get to them as I have time
16:41 that's it for me
16:41 jj is out
16:41 sarnold: you're up
16:44 I'm on cve triage this week, and getting caught up on whatever I missed while enjoying a nice long weekend
16:44 apparmor patch reviews as I can, and finishing the embargoed review, starting on the next MIR on the list
16:44 that should cover me, chrisccoulson?
16:45 I've got a thunderbird update to do this week (started already), and a firefox publication to finish off
16:46 And then rust and cargo updates. I'm reasonably optimistic this one will go better than the last, and it shouldn't be too difficult
16:46 I also need to figure out how hard it is to backport python versions for the firefox build
16:47 how many weeks before that's needed?
16:47 tyhicks, python or rust?
16:47 chrisccoulson: python
16:47 tyhicks, march for the actual release
16:48 but anytime now for trunk
16:48 ack, glad you're thinking about it this early
16:48 And then hopefully I'll have some time left to look at other things, finally
16:48 that's me done
16:48 ratliff: your turn
16:49 I'm on bug triage this week
16:49 After that I will continue to be focused on internal tasks.
16:49 on to you leosilva
16:49 I'm in the happy place this week
16:49 I also will have a short week (Tuesday is my Friday)
16:50 I have a postgresql-common to work and USN and some python that I'm waiting to push to ppas.
16:50 I also want to hunt some pkg and push in my list of TODO.
16:50 that's all, tyhicks it is back to you
16:51 thanks
16:51 [TOPIC] Highlighted packages
16:51 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:51 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:51 https://people.canonical.com/~ubuntu-security/cve/pkg/python-rsa.html
16:51 https://people.canonical.com/~ubuntu-security/cve/pkg/percona-xtrabackup.html
16:51 https://people.canonical.com/~ubuntu-security/cve/pkg/libpgf.html
16:51 [TOPIC] Miscellaneous and Questions
16:51 https://people.canonical.com/~ubuntu-security/cve/pkg/python3.7.html
16:51 Does anyone have any other questions or items to discuss?
16:51 https://people.canonical.com/~ubuntu-security/cve/pkg/xine-ui.html
16:53 jdstrand, mdeslaur, sbeattie, sarnold, ChrisCoulson, ratliff, leosilva: Thanks!
16:53 #endmeeting