15:00:26 <gagehugo> #startmeeting security
15:00:31 <openstack> Meeting started Thu Jan 21 15:00:26 2021 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:32 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:35 <openstack> The meeting name has been set to 'security'
15:00:40 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda
15:01:26 <fungi> ahoy
15:01:56 <gagehugo> o/
15:05:50 <redrobot> \o
15:06:02 <gagehugo> Nothing on the agenda today
15:06:07 <gagehugo> #topic open discussion
15:06:12 <gagehugo> Anyone have anything?
15:08:18 <fungi> #link https://bugs.launchpad.net/ossa Public reports of suspected vulnerabilities in need of review
15:08:58 <fungi> i think there are 29 at the moment (if you're logged in as a vulnerability manager you may see a higher number)
15:10:00 <fungi> revisiting private reports, it seems we have one where the embargo has expired too, i'll open it up now
15:11:50 <fungi> #link https://launchpad.net/bugs/1892848 XSS in adding JavaScript into the ‘Subnet Name’ field
15:11:51 <openstack> Launchpad bug 1892848 in OpenStack Security Advisory "XSS in adding JavaScript into the ‘Subnet Name’ field" [Undecided,Incomplete]
15:12:48 <fungi> so that brings the total up to 30 which would be nice to get some folks to weigh in on
15:13:10 <fungi> i should revisit my earlier idea to sort them by project and send a list to th eopenstack-discuss ml
15:13:44 <redrobot> I'll try to make some time to review some of those. Not sure how useful I'll be though. 😅
15:18:54 <gagehugo> thanks fungi, anyone else have anything?
15:19:46 <fungi> that was all i had for this week. i'll try to send something to the ml, but infra fires have dominated my available time recently
15:22:23 <gagehugo> yeah, coming back from vacation has consumed most of my time lately
15:22:38 <gagehugo> thanks fungi, redrobot! Have a good rest of the week!
15:22:43 <gagehugo> #endmeeting