============================= #openstack-security: security ============================= Meeting started by fungi at 15:01:11 UTC. The full logs are available at https://meetings.opendev.org/meetings/security/2022/security.2022-10-06-15.01.log.html . Meeting summary --------------- * LINK: https://etherpad.opendev.org/p/security-agenda Meeting Agenda (fungi, 15:03:13) * Prior Actions (fungi, 15:04:13) * LINK: https://meetings.opendev.org/meetings/security/2022/security.2022-09-01-15.02.html (previous minutes) (fungi, 15:05:01) * ACTION: fungi propose xstatic discussion topic on horizon ptg agenda (fungi, 15:09:06) * ACTION: fungi update ossn/security-doc members in gerrit and launchpad (fungi, 15:10:45) * LINK: https://review.opendev.org/850003 Gracefully ERROR in _init_instance if vnic_type changed (fungi, 15:11:50) * LINK: https://launchpad.net/bugs/1981813 Compute service fails to restart if the vnic_type of a bound port changed from direct to macvtap (CVE-2022-37394) (fungi, 15:18:59) * Public Bug Reports (fungi, 15:22:31) * LINK: https://storyboard.openstack.org/#!/story/2010004 Remote code execution: Trove backup (fungi, 15:23:29) * LINK: https://launchpad.net/bugs/1989008 Lax rulesets leading to privilege escalation vulnerabilities (fungi, 15:24:07) * LINK: https://bugzilla.redhat.com/show_bug.cgi?id=2105419 Application credential token remains valid longer than expected (fungi, 15:25:01) * PTG Planning (fungi, 15:27:22) * LINK: https://etherpad.opendev.org/p/oct2022-ptg-openstack-security (fungi, 15:28:45) * Open Discussion (fungi, 15:32:46) * LINK: https://wiki.openstack.org/wiki/Security-SIG (fungi, 15:33:25) * LINK: https://lists.openstack.org/pipermail/openstack-discuss/2022-October/030755.html Openstack Security Assessments (fungi, 15:35:06) Meeting ended at 15:45:34 UTC. Action items, by person ----------------------- * fungi * fungi propose xstatic discussion topic on horizon ptg agenda * fungi update ossn/security-doc members in gerrit and launchpad People present (lines said) --------------------------- * fungi (61) * opendevmeet (3) * gagehugo (3) Generated by `MeetBot`_ 0.1.4