#openstack-meeting log

15:00:46 <gagehugo> #startmeeting security
15:00:56 <openstack> Meeting started Thu Mar 14 15:00:46 2019 UTC and is due to finish in 60 minutes.  The chair is gagehugo. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:58 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:01 <openstack> The meeting name has been set to 'security'
15:01:17 * gagehugo dislikes DST
15:01:22 <gagehugo> ping fungi gagehugo lhinds nickthetait browne redrobot
15:01:35 <gagehugo> #link https://etherpad.openstack.org/p/security-agenda agenda
15:01:37 <Luzi> o/
15:01:49 <fungi> aloha
15:02:17 * fungi is also in tc office hour and trying to nail down ci job failures due to yesterday's default node change
15:02:36 <gagehugo> yeah I'm dual meetings right now :)
15:03:26 <gagehugo> So there's a new CVE for one of the bugs listed last week
15:03:31 <gagehugo> #link https://bugs.launchpad.net/neutron/+bug/1818385
15:03:33 <openstack> Launchpad bug 1818385 in neutron "It's possible to add a security group rule for VRRP with a dport (CVE-2019-9735)" [Critical,In progress] - Assigned to Brian Haley (brian-haley)
15:04:09 <redrobot> In a work meeting, so only partially o/
15:04:25 <gagehugo> #link https://nvd.nist.gov/vuln/detail/CVE-2019-9735
15:05:04 <gagehugo> There was also another public security bug reported regarding caching
15:05:08 <gagehugo> #link https://bugs.launchpad.net/oslo.cache/+bug/1819957
15:05:10 <openstack> Launchpad bug 1819957 in oslo.cache "Caching with stale data when a server disconnects due to network partition and reconnects" [High,New] - Assigned to Morgan Fainberg (mdrnstm)
15:07:23 <gagehugo> Also does anyone know if they will make it to the PTG? I'd like to get a somewhat official estimate so I can book a space for us
15:09:43 <Luzi> well I will be there
15:10:11 <gagehugo> \o/
15:12:35 <gagehugo> #link https://etherpad.openstack.org/p/DEN-securitysig-topics
15:12:57 <gagehugo> If you are planning to attend and/or have a topic you want to discuss, feel free to put it down there ^
15:14:14 <gagehugo> Did anyone have anything they wanted to talk about this week?
15:16:00 <fungi> on 1818385 i think we're still waiting on the stable/pike fix to merge before issuing an advisory, but i haven't had time to look at it again this morning
15:16:42 <fungi> there's also public bug 1813007 which is quite possibly needing an advisory but would be useful if someone could help nudge the diagnosis along
15:16:44 <openstack> bug 1813007 in neutron "Unable to install new flows on compute nodes when having broken security group rules" [Critical,In progress] https://launchpad.net/bugs/1813007 - Assigned to IWAMOTO Toshihiro (iwamoto)
15:26:16 <gagehugo> fungi ack
15:28:15 <gagehugo> Luzi redrobot fungi if you know of any topics for the PTG please feel free to add it to the etherpad, I will get a room booked for us for probably a day
15:28:36 <gagehugo> otherwise, everyone have a good rest of the week & weekend!
15:28:44 * gagehugo has another meeting :(
15:28:49 <gagehugo> thanks for coming everyone!
15:28:51 <fungi> thanks!
15:28:51 <gagehugo> #endmeeting