15:00:26 <gagehugo> #startmeeting security 15:00:31 <openstack> Meeting started Thu Jan 21 15:00:26 2021 UTC and is due to finish in 60 minutes. The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:32 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:35 <openstack> The meeting name has been set to 'security' 15:00:40 <gagehugo> #link https://etherpad.opendev.org/p/security-agenda agenda 15:01:26 <fungi> ahoy 15:01:56 <gagehugo> o/ 15:05:50 <redrobot> \o 15:06:02 <gagehugo> Nothing on the agenda today 15:06:07 <gagehugo> #topic open discussion 15:06:12 <gagehugo> Anyone have anything? 15:08:18 <fungi> #link https://bugs.launchpad.net/ossa Public reports of suspected vulnerabilities in need of review 15:08:58 <fungi> i think there are 29 at the moment (if you're logged in as a vulnerability manager you may see a higher number) 15:10:00 <fungi> revisiting private reports, it seems we have one where the embargo has expired too, i'll open it up now 15:11:50 <fungi> #link https://launchpad.net/bugs/1892848 XSS in adding JavaScript into the ‘Subnet Name’ field 15:11:51 <openstack> Launchpad bug 1892848 in OpenStack Security Advisory "XSS in adding JavaScript into the ‘Subnet Name’ field" [Undecided,Incomplete] 15:12:48 <fungi> so that brings the total up to 30 which would be nice to get some folks to weigh in on 15:13:10 <fungi> i should revisit my earlier idea to sort them by project and send a list to th eopenstack-discuss ml 15:13:44 <redrobot> I'll try to make some time to review some of those. Not sure how useful I'll be though. 😅 15:18:54 <gagehugo> thanks fungi, anyone else have anything? 15:19:46 <fungi> that was all i had for this week. i'll try to send something to the ml, but infra fires have dominated my available time recently 15:22:23 <gagehugo> yeah, coming back from vacation has consumed most of my time lately 15:22:38 <gagehugo> thanks fungi, redrobot! Have a good rest of the week! 15:22:43 <gagehugo> #endmeeting