== Meeting information == * #ubuntu-meeting Meeting, 05 May at 16:34 — 16:58 UTC * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2014/ubuntu-meeting.2014-05-05-16.34.log.html]] == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting === Weekly stand-up report === The discussion about "Weekly stand-up report" started at 16:35. === Highlighted packages === The discussion about "Highlighted packages" started at 16:50. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/libkdcraw.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/redis.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/plib.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/tinymce.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/libtar.html === Miscellaneous and Questions === The discussion about "Miscellaneous and Questions" started at 16:51. == Vote results == == Done items == * (none) == People present (lines said) == * jdstrand (27) * sarnold (5) * mdeslaur (5) * sbeattie (5) * jjohansen (5) * tyhicks (5) * meetingology (3) == Full Log == 16:34 #startmeeting 16:34 Meeting started Mon May 5 16:34:57 2014 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:34 16:34 Available commands: action commands idea info link nick 16:34 The meeting agenda can be found at: 16:35 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:35 [TOPIC] Weekly stand-up report 16:35 I'll go first 16:35 I got the openjdk updates out last week 16:35 I'm on triage this week 16:37 I went through the blueprints last week and think 14.04 is up to date 16:37 as a first pass, I carried over the work from 14.04 to 14.10 blueprints 16:37 I plan on discussing this with mdeslaur and then we can go over it all as a team this week 16:38 then I have sprint planning 16:38 there are also some 14.10 apparmor policy updates (apparmor-easyprof-ubuntu) that I hope to do this week 16:39 and I am looking at various open CVEs to fix 16:39 mdeslaur: you're up 16:39 I'm on community this week 16:39 I have some updates I just published, and am continuing to down down the never ending CVE list :) 16:39 that's about it from me! 16:40 also, some blueprint discussion with jdstrand 16:40 sbeattie: you're up! 16:41 I'm continuing some work I started last week on improving gcc hardening. 16:42 I have a patch that updates the default to -fstack-protector-strong (and fixes some issues with -Wformat-security patch), but am currently exploring alternate approaches discovered while trying to figure out the best way to make the default be PIE for amd64 only. 16:43 I also need to investigate seem reports that apache mod_apparmor may be not working correctly in trusty 16:43 that's pretty much it for me this week. 16:43 tyhicks, you're up 16:44 I'm still hacking on kdbus from last week 16:44 I also need to merge dbus from debian and refresh our mediation patches with the latest set that I've attached in the upstream bug 16:45 oh, and I have a short week this week since I'm off on Friday 16:45 that's it for me 16:45 jjohansen: you're up 16:45 I have an embargoed issue to finish up with, then more testing of the newest images with the trusty backport kernels. 16:45 I need to get a set of patches together for upstream and push them so they are ready for the next merge window 16:45 then I need to get back to finishing off the stacking work for apparmor 16:46 - the patches for upstream this time are mostly around enabling dbus mediation with the upstream kernel 16:47 thats it for me sarnold your up 16:49 I'm in the happy place this week; I need to return to getting the qrt test-django script to function on saucy and newer (I got distracted last week by libvirt 'issues'. ugh.) I haven't made much forward progress on test-django yet, it's been frustrating so far. 16:49 but now that I've got shiny new VMs, hopefully there aren't many new hurdles to finishing it off :) 16:50 depending upon how that goes I may pick up an update 16:50 I tihnk that's it for me, chrisccoulson? 16:50 chrisccoulson is off today 16:50 (or is it bank holiday?) 16:50 [TOPIC] Highlighted packages 16:51 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:51 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:51 http://people.canonical.com/~ubuntu-security/cve/pkg/libkdcraw.html 16:51 http://people.canonical.com/~ubuntu-security/cve/pkg/redis.html 16:51 http://people.canonical.com/~ubuntu-security/cve/pkg/plib.html 16:51 http://people.canonical.com/~ubuntu-security/cve/pkg/tinymce.html 16:51 http://people.canonical.com/~ubuntu-security/cve/pkg/libtar.html 16:51 [TOPIC] Miscellaneous and Questions 16:51 Does anyone have any other questions or items to discuss? 16:58 thanks mdeslaur, sbeattie, tyhicks, jjohansen and sarnold :) 16:58 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)