#mageia-qa log

19:03:32 <DavidWHodgins> #startmeeting
19:03:32 <Inigo_Montoya> Meeting started Thu Oct  7 19:03:32 2021 UTC.  The chair is DavidWHodgins. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:03:32 <Inigo_Montoya> Useful Commands: #action #agreed #help #info #idea #link #topic.
19:03:40 <DavidWHodgins> #chair wilcal MageiaTJ
19:03:40 <Inigo_Montoya> Current chairs: DavidWHodgins MageiaTJ wilcal
19:03:46 <DavidWHodgins> #topic * Who's new? - If you are then come and say hello
19:04:03 <DavidWHodgins> Anyone here who hasn't been to a qa team irc meeting before?
19:04:23 * MageiaTJ is trying not to let the power go to his head.
19:04:29 <DavidWHodgins> #topic * Testing and using Mageia 8
19:04:48 <wilcal> Latest updates here went through just fine
19:05:08 <wilcal> Apache httpd restarted just fine
19:05:28 <wilcal> crises update of Apache
19:05:49 <DavidWHodgins> The httpd one was being exploited in the wild so was pushed by Thomas quickly
19:06:08 <wilcal> what was the exploit
19:06:16 <MageiaTJ> We were right on top of that Apache crisis.
19:06:16 <DavidWHodgins> I'm not sure
19:06:28 <wilcal> I saw it in the news
19:06:32 <DavidWHodgins> Directory transversal iirc
19:07:21 <Luigi12> apparently affected non-default but common configurations and could also be used to get code execution (reported this morning)
19:07:21 <DavidWHodgins> We run httpd in a chroot so it's impact would have been limited anyway, depending on what you use apache for
19:07:43 <Luigi12> it's in a chroot?
19:07:47 <DavidWHodgins> Haven't seen that report yet.
19:07:51 <DavidWHodgins> Luigi12: Yes
19:08:06 <Luigi12> are you sure?
19:08:11 <Luigi12> https://www.openwall.com/lists/oss-security/2021/10/07/1  report I referenced
19:08:12 <[mbot> oss-security - RE: CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49
19:08:29 <wilcal> IS the quick update to Firefox related to it?
19:08:31 <wilcal> https://bugs.mageia.org/show_bug.cgi?id=29525
19:08:33 <[mbot> 29525 – Firefox 91.2
19:09:54 <Luigi12> no
19:10:12 <Luigi12> we do need to get that validated...we took too long with the last Thunderbird update so now it needs another update
19:10:34 <DavidWHodgins> Argh. Sorry, I was thinking of named which runs in a chroot. Apache does not.
19:10:37 <Luigi12> JC there's another Apache update already
19:10:56 <bri_an> testing last firefox now
19:11:11 <wilcal> Any sugested ways to test a browser? Seems all the test sites want $$$$$
19:11:12 <bri_an> thunderbird isn't my thing --- so can't help you there
19:11:42 <MageiaTJ> I can probably validate FF and T-bird after the meeting, if no problems have come up.
19:11:48 <DavidWHodgins> wilcal: Just test it under your normal usage
19:12:14 <MageiaTJ> I've been using both for a few days now.
19:12:22 <DavidWHodgins> Please do. I'll get their advisories into svn to be ready to push
19:13:00 <Luigi12> https://www.openwall.com/lists/oss-security/2021/10/07/6  new Apache issue  :facepalm:
19:13:01 <[mbot> oss-security - CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773)
19:13:05 <Luigi12> so expect another update soon
19:13:16 <DavidWHodgins> Ouch. :-)
19:13:27 <bri_an> okay - will keep an eye out for it
19:14:43 <DavidWHodgins> Any other specific updates anyone would like to discuss?
19:14:52 <wilcal> Not from me
19:15:12 <Luigi12> OK I assigned Tbird 91.1.2 back to QA so it can be validated before 91.2.0 is built
19:15:14 <wilcal> David keeps these things short and sweet :-))
19:15:22 <DavidWHodgins> :-)
19:15:25 <DavidWHodgins> #topic * Anything else?
19:15:31 <wilcal> nope
19:15:47 <DavidWHodgins> Looks like countdown time
19:15:50 <Guygoye> Nope
19:15:53 <DavidWHodgins> t - 5
19:15:55 <wilcal> See ya next week
19:15:56 <DavidWHodgins> 4
19:15:57 <wilcal> thanks Dav
19:16:00 <DavidWHodgins> 3
19:16:04 <DavidWHodgins> 2
19:16:06 <DavidWHodgins> 1
19:16:13 <DavidWHodgins> Thanks for coming everyone
19:16:18 <DavidWHodgins> #endmeeting