16:34 <jdstrand> #startmeeting 16:34 <meetingology> Meeting started Mon May 5 16:34:57 2014 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:34 <meetingology> 16:34 <meetingology> Available commands: action commands idea info link nick 16:34 <jdstrand> The meeting agenda can be found at: 16:35 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:35 <jdstrand> [TOPIC] Weekly stand-up report 16:35 <jdstrand> I'll go first 16:35 <jdstrand> I got the openjdk updates out last week 16:35 <jdstrand> I'm on triage this week 16:37 <jdstrand> I went through the blueprints last week and think 14.04 is up to date 16:37 <jdstrand> as a first pass, I carried over the work from 14.04 to 14.10 blueprints 16:37 <jdstrand> I plan on discussing this with mdeslaur and then we can go over it all as a team this week 16:38 <jdstrand> then I have sprint planning 16:38 <jdstrand> there are also some 14.10 apparmor policy updates (apparmor-easyprof-ubuntu) that I hope to do this week 16:39 <jdstrand> and I am looking at various open CVEs to fix 16:39 <jdstrand> mdeslaur: you're up 16:39 <mdeslaur> I'm on community this week 16:39 <mdeslaur> I have some updates I just published, and am continuing to down down the never ending CVE list :) 16:39 <mdeslaur> that's about it from me! 16:40 <mdeslaur> also, some blueprint discussion with jdstrand 16:40 <mdeslaur> sbeattie: you're up! 16:41 <sbeattie> I'm continuing some work I started last week on improving gcc hardening. 16:42 <sbeattie> I have a patch that updates the default to -fstack-protector-strong (and fixes some issues with -Wformat-security patch), but am currently exploring alternate approaches discovered while trying to figure out the best way to make the default be PIE for amd64 only. 16:43 <sbeattie> I also need to investigate seem reports that apache mod_apparmor may be not working correctly in trusty 16:43 <sbeattie> that's pretty much it for me this week. 16:43 <sbeattie> tyhicks, you're up 16:44 <tyhicks> I'm still hacking on kdbus from last week 16:44 <tyhicks> I also need to merge dbus from debian and refresh our mediation patches with the latest set that I've attached in the upstream bug 16:45 <tyhicks> oh, and I have a short week this week since I'm off on Friday 16:45 <tyhicks> that's it for me 16:45 <tyhicks> jjohansen: you're up 16:45 <jjohansen> I have an embargoed issue to finish up with, then more testing of the newest images with the trusty backport kernels. 16:45 <jjohansen> I need to get a set of patches together for upstream and push them so they are ready for the next merge window 16:45 <jjohansen> then I need to get back to finishing off the stacking work for apparmor 16:46 <jjohansen> - the patches for upstream this time are mostly around enabling dbus mediation with the upstream kernel 16:47 <jjohansen> thats it for me sarnold your up 16:49 <sarnold> I'm in the happy place this week; I need to return to getting the qrt test-django script to function on saucy and newer (I got distracted last week by libvirt 'issues'. ugh.) I haven't made much forward progress on test-django yet, it's been frustrating so far. 16:49 <sarnold> but now that I've got shiny new VMs, hopefully there aren't many new hurdles to finishing it off :) 16:50 <sarnold> depending upon how that goes I may pick up an update 16:50 <sarnold> I tihnk that's it for me, chrisccoulson? 16:50 <jdstrand> chrisccoulson is off today 16:50 <sarnold> (or is it bank holiday?) 16:50 <jdstrand> [TOPIC] Highlighted packages 16:51 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:51 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:51 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libkdcraw.html 16:51 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/redis.html 16:51 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/plib.html 16:51 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/tinymce.html 16:51 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libtar.html 16:51 <jdstrand> [TOPIC] Miscellaneous and Questions 16:51 <jdstrand> Does anyone have any other questions or items to discuss? 16:58 <jdstrand> thanks mdeslaur, sbeattie, tyhicks, jjohansen and sarnold :) 16:58 <jdstrand> #endmeeting