15:00:46 <gagehugo> #startmeeting security 15:00:56 <openstack> Meeting started Thu Mar 14 15:00:46 2019 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:58 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:01:01 <openstack> The meeting name has been set to 'security' 15:01:17 * gagehugo dislikes DST 15:01:22 <gagehugo> ping fungi gagehugo lhinds nickthetait browne redrobot 15:01:35 <gagehugo> #link https://etherpad.openstack.org/p/security-agenda agenda 15:01:37 <Luzi> o/ 15:01:49 <fungi> aloha 15:02:17 * fungi is also in tc office hour and trying to nail down ci job failures due to yesterday's default node change 15:02:36 <gagehugo> yeah I'm dual meetings right now :) 15:03:26 <gagehugo> So there's a new CVE for one of the bugs listed last week 15:03:31 <gagehugo> #link https://bugs.launchpad.net/neutron/+bug/1818385 15:03:33 <openstack> Launchpad bug 1818385 in neutron "It's possible to add a security group rule for VRRP with a dport (CVE-2019-9735)" [Critical,In progress] - Assigned to Brian Haley (brian-haley) 15:04:09 <redrobot> In a work meeting, so only partially o/ 15:04:25 <gagehugo> #link https://nvd.nist.gov/vuln/detail/CVE-2019-9735 15:05:04 <gagehugo> There was also another public security bug reported regarding caching 15:05:08 <gagehugo> #link https://bugs.launchpad.net/oslo.cache/+bug/1819957 15:05:10 <openstack> Launchpad bug 1819957 in oslo.cache "Caching with stale data when a server disconnects due to network partition and reconnects" [High,New] - Assigned to Morgan Fainberg (mdrnstm) 15:07:23 <gagehugo> Also does anyone know if they will make it to the PTG? I'd like to get a somewhat official estimate so I can book a space for us 15:09:43 <Luzi> well I will be there 15:10:11 <gagehugo> \o/ 15:12:35 <gagehugo> #link https://etherpad.openstack.org/p/DEN-securitysig-topics 15:12:57 <gagehugo> If you are planning to attend and/or have a topic you want to discuss, feel free to put it down there ^ 15:14:14 <gagehugo> Did anyone have anything they wanted to talk about this week? 15:16:00 <fungi> on 1818385 i think we're still waiting on the stable/pike fix to merge before issuing an advisory, but i haven't had time to look at it again this morning 15:16:42 <fungi> there's also public bug 1813007 which is quite possibly needing an advisory but would be useful if someone could help nudge the diagnosis along 15:16:44 <openstack> bug 1813007 in neutron "Unable to install new flows on compute nodes when having broken security group rules" [Critical,In progress] https://launchpad.net/bugs/1813007 - Assigned to IWAMOTO Toshihiro (iwamoto) 15:26:16 <gagehugo> fungi ack 15:28:15 <gagehugo> Luzi redrobot fungi if you know of any topics for the PTG please feel free to add it to the etherpad, I will get a room booked for us for probably a day 15:28:36 <gagehugo> otherwise, everyone have a good rest of the week & weekend! 15:28:44 * gagehugo has another meeting :( 15:28:49 <gagehugo> thanks for coming everyone! 15:28:51 <fungi> thanks! 15:28:51 <gagehugo> #endmeeting