16:43 <tyhicks> #startmeeting
16:43 <meetingology> Meeting started Mon Jan 22 16:43:28 2018 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:43 <meetingology> 
16:43 <meetingology> Available commands: action commands idea info link nick
16:43 <tyhicks> The meeting agenda can be found at:
16:43 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:43 <tyhicks> [TOPIC] Announcements
16:43 <tyhicks> Otto Kekäläinen provided debdiffs for mariadb-5.5, mariadb-10.0, and mariadb-10.1 (LP: #1740608) (LP: #740768)
16:43 <ubottu> Launchpad bug 1740608 in mariadb-5.5 (Ubuntu) "USN-3459-1: partially applies to MariaDB too" [Medium,Fix released] https://launchpad.net/bugs/1740608
16:43 <ubottu> Launchpad bug 740768 in Datum soerepro "soerepro: cultural practices extraction, Fatal error: Method CForm::__toString() must not throw an exception" [Critical,Fix released] https://launchpad.net/bugs/740768
16:44 <tyhicks> that's not the right bug
16:44 <tyhicks> I dropped a digit
16:44 <tyhicks> (LP: #1740768)
16:44 <ubottu> Launchpad bug 1740768 in mariadb-10.1 (Ubuntu) "CVE-2017-15365: Replication in sql/event_data_objects.cc occurs before ACL checks" [Undecided,Fix released] https://launchpad.net/bugs/1740768
16:44 <mdeslaur> \o
16:45 <tyhicks> Ray Link (rlink) provided a debdiff for xenial for xmltooling (LP: #1743762)
16:45 <ubottu> Launchpad bug 1743762 in xmltooling (Ubuntu Bionic) "Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]" [Undecided,Triaged] https://launchpad.net/bugs/1743762
16:45 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:45 <tyhicks> [TOPIC] Weekly stand-up report
16:45 <tyhicks> jdstrand: you're up
16:46 <jdstrand> hi
16:46 <jdstrand> Last week I attended the product sprint so this week I will be playing catch-up and working through sprint outcomes. In addition to that, I plan to focus on:
16:46 <jdstrand> * snappy PR reviews, esp wrt the layouts feature, portals and the x11 interface slot policy
16:46 <jdstrand> * look at an lxd snap regression wrt 'partial apparmor confinement' feature
16:46 <jdstrand> * prepare a demo with tyhicks wrt lsm stacking
16:46 <jdstrand> * review tools updates as have time
16:46 <jdstrand> * create screencast interface as have time
16:46 <jdstrand> * strict mode snaps on livecd as have time
16:46 <jdstrand> that's it from me. mdeslaur, you're up
16:47 <mdeslaur> I'm on triage this week
16:47 <mdeslaur> and I'm in the process of publishing a few usns
16:47 <mdeslaur> I need to take a look at the state of qemu patches
16:47 <mdeslaur> and will either work on that this week, or something else depending on priority
16:47 <mdeslaur> that's about it for me, sbeattie?
16:48 <sbeattie> I'm in the happy place this week
16:48 <sbeattie> I'm working on backporting the gcc retpoline patchset back to trusty + precise-esm, after having respun them.
16:49 <sbeattie> (those are x86 only)
16:49 <sbeattie> I'm also trying to track down what toolchain changes are needed for other arches.
16:50 <sbeattie> There'll be some kernel USNs to publish as the first attempt at spectre mitigations lands.
16:50 <sbeattie> (and the usual kernel cve triage)
16:50 <sbeattie> There's also likely openjdk packages coming down the pike.
16:50 <sbeattie> That's it for me.
16:50 <sbeattie> tyhicks: you're up.
16:51 <tyhicks> sbeattie: that sounds like a lot going on at once so pull me in when needed
16:51 <tyhicks> I have sprint followups
16:51 <tyhicks> need to transcribe my notes
16:51 <tyhicks> (from the sprint)
16:51 <tyhicks> working on an LSM stacking demo
16:52 <tyhicks> meltdown and spectre coordination will continue to take quite a bit of my time
16:52 <tyhicks> that's probably enough for this week
16:52 <tyhicks> jjohansen: you're up
16:53 <jdstrand> oh I forgot to mention the chrony upload
16:53 <jdstrand> I plan to upload chrony with an apparmor profile
16:53 <jjohansen> I am working on updating our stacking patches against the latest revision of the LSM stacking patches
16:54 <jjohansen> once I get that done it will be back to looking at the mount patches
16:54 <jjohansen> and fosdem prep
16:54 <jjohansen> and of course working on the 4.16 pull request
16:55 <jjohansen> that is it for me, sarnold you are up
16:55 <tyhicks> jjohansen: the mount patches are for the 4.16 pull request, right?
16:56 <jjohansen> tyhicks: I know David would like to get them in, whether they are actually going 4.16 I am unsure
16:56 <tyhicks> oh, that's for David
16:56 <jjohansen> yeah, the whole mount system rework
16:56 <tyhicks> right
16:57 <tyhicks> I forgot about that
16:58 <jjohansen> atm I am working with it as if they are going to be part of a 4.16 pull request, and will be happy if they aren't
16:58 <tyhicks> ack, thanks
16:58 <tyhicks> sarnold: go ahead
16:58 <sarnold> I'm on community this week; I'm starting the libsdl2 MIR
16:59 <sarnold> at least I think that's the one to start; ratliff said a few weeks ago that it'd be next in the queue, but now I see that cpaelzer intends to switch qemu to use the new sdl in 18.10 ..
16:59 <sarnold> which makes me curious what the plan ought to be
17:00 <sarnold> there's nothing too wrong with doing a mir 'earlier' than it's needed of course but it'd probably be nice to have just one sdl in 18.04 main
17:00 <tyhicks> sarnold: let's sync with cpaelzer after this meeting and get his opinion on that vs chrony vs something else
17:00 <sarnold> tyhicks: okay, makes sense
17:00 <sarnold> chrisccoulson, you're up :)
17:00 <chrisccoulson> I've got firefox updates this week, and a chromium update to test and publish
17:01 <chrisccoulson> I also need to start the first rust update of 2018. Hoping it will be an easy one
17:02 <chrisccoulson> I did finally start on the changes to the apparmor audit logging last week, so I intend to carry on with that this week
17:03 <tyhicks> oh, nice
17:03 <chrisccoulson> and I can step in if sbeattie wants any help with openjdk updates too
17:03 <chrisccoulson> that's me done
17:04 <tyhicks> leosilva: you're up
17:04 <leosilva> I'm in bug triage this week
17:04 <leosilva> I have a gimp USN to push and rsync too.
17:04 <leosilva> Also have libvirt updates to re-test and figure out what is happening in precise version.
17:05 <leosilva> besides that I'll push mysql to my update stack and keep looking for other pkgs.
17:05 <leosilva> That's all from me.
17:05 <leosilva> tyhicks: you are back.
17:05 <tyhicks> thanks!
17:05 <tyhicks> [TOPIC] Highlighted packages
17:05 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and/or triaging. If you would like to help Ubuntu and are not sure where to start, this is a great way to do so.
17:05 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:05 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/nip2.html
17:05 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/simple-xml.html
17:05 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/pjproject.html
17:05 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/open-iscsi.html
17:05 <tyhicks> Does anyone have any other questions or items to discuss?
17:06 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/python-tablib.html
17:06 <tyhicks> [TOPIC] Miscellaneous and Questions
17:09 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, leosilva: Thanks!
17:09 <tyhicks> #endmeeting