#openstack-security: security

Meeting started by fungi at 15:01:19 UTC (full logs).

Meeting summary

    1. Agenda is at https://etherpad.opendev.org/p/security-agenda (fungi, 15:01:41)

  2. Picking a new meeting schedule (fungi, 15:01:56)
    1. Polls to work out a new meeting schedule https://lists.openstack.org/pipermail/openstack-discuss/2023-January/031908.html (fungi, 15:02:31)

  3. Virtual PTG (fungi, 15:06:31)
    1. Virtual PTG March 27-31 https://openinfra.dev/ptg (fungi, 15:07:30)
    2. Brainstorming topics https://etherpad.opendev.org/p/mar2023-ptg-openstack-security (fungi, 15:09:11)

  4. Recent OSSAs (fungi, 15:10:24)
    1. Arbitrary file access through custom S3 XML entities https://security.openstack.org/ossa/OSSA-2023-001.html (fungi, 15:11:10)
    2. Arbitrary file access through custom VMDK flat descriptor https://security.openstack.org/ossa/OSSA-2023-002.html (fungi, 15:11:21)
    3. Downstream stakeholders https://security.openstack.org/vmt-process.html#downstream-stakeholders (fungi, 15:15:27)

  5. Newly public bug reports (fungi, 15:18:46)
    1. CVE-2019-10768 in Angular libs < 1.7.9 https://launchpad.net/bugs/1997545 duplicate of https://launchpad.net/bugs/1955556 (fungi, 15:20:22)

  6. Anything else? (fungi, 15:22:47)
    1. Please remember to fill out the surveys in the ML post linked earlier so we can find a better time when people will be able to participate (fungi, 15:29:42)


Meeting ended at 15:30:01 UTC (full logs).

Action items

  1. (none)


People present (lines said)

  1. fungi (38)
  2. opendevmeet (3)


Generated by MeetBot 0.1.4.