19:03:32 <DavidWHodgins> #startmeeting 19:03:32 <Inigo_Montoya> Meeting started Thu Oct 7 19:03:32 2021 UTC. The chair is DavidWHodgins. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:03:32 <Inigo_Montoya> Useful Commands: #action #agreed #help #info #idea #link #topic. 19:03:40 <DavidWHodgins> #chair wilcal MageiaTJ 19:03:40 <Inigo_Montoya> Current chairs: DavidWHodgins MageiaTJ wilcal 19:03:46 <DavidWHodgins> #topic * Who's new? - If you are then come and say hello 19:04:03 <DavidWHodgins> Anyone here who hasn't been to a qa team irc meeting before? 19:04:23 * MageiaTJ is trying not to let the power go to his head. 19:04:29 <DavidWHodgins> #topic * Testing and using Mageia 8 19:04:48 <wilcal> Latest updates here went through just fine 19:05:08 <wilcal> Apache httpd restarted just fine 19:05:28 <wilcal> crises update of Apache 19:05:49 <DavidWHodgins> The httpd one was being exploited in the wild so was pushed by Thomas quickly 19:06:08 <wilcal> what was the exploit 19:06:16 <MageiaTJ> We were right on top of that Apache crisis. 19:06:16 <DavidWHodgins> I'm not sure 19:06:28 <wilcal> I saw it in the news 19:06:32 <DavidWHodgins> Directory transversal iirc 19:07:21 <Luigi12> apparently affected non-default but common configurations and could also be used to get code execution (reported this morning) 19:07:21 <DavidWHodgins> We run httpd in a chroot so it's impact would have been limited anyway, depending on what you use apache for 19:07:43 <Luigi12> it's in a chroot? 19:07:47 <DavidWHodgins> Haven't seen that report yet. 19:07:51 <DavidWHodgins> Luigi12: Yes 19:08:06 <Luigi12> are you sure? 19:08:11 <Luigi12> https://www.openwall.com/lists/oss-security/2021/10/07/1 report I referenced 19:08:12 <[mbot> oss-security - RE: CVE-2021-41773: Path traversal and file disclosure vulnerability in Apache HTTP Server 2.4.49 19:08:29 <wilcal> IS the quick update to Firefox related to it? 19:08:31 <wilcal> https://bugs.mageia.org/show_bug.cgi?id=29525 19:08:33 <[mbot> 29525 – Firefox 91.2 19:09:54 <Luigi12> no 19:10:12 <Luigi12> we do need to get that validated...we took too long with the last Thunderbird update so now it needs another update 19:10:34 <DavidWHodgins> Argh. Sorry, I was thinking of named which runs in a chroot. Apache does not. 19:10:37 <Luigi12> JC there's another Apache update already 19:10:56 <bri_an> testing last firefox now 19:11:11 <wilcal> Any sugested ways to test a browser? Seems all the test sites want $$$$$ 19:11:12 <bri_an> thunderbird isn't my thing --- so can't help you there 19:11:42 <MageiaTJ> I can probably validate FF and T-bird after the meeting, if no problems have come up. 19:11:48 <DavidWHodgins> wilcal: Just test it under your normal usage 19:12:14 <MageiaTJ> I've been using both for a few days now. 19:12:22 <DavidWHodgins> Please do. I'll get their advisories into svn to be ready to push 19:13:00 <Luigi12> https://www.openwall.com/lists/oss-security/2021/10/07/6 new Apache issue :facepalm: 19:13:01 <[mbot> oss-security - CVE-2021-42013: Path Traversal and Remote Code Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete fix of CVE-2021-41773) 19:13:05 <Luigi12> so expect another update soon 19:13:16 <DavidWHodgins> Ouch. :-) 19:13:27 <bri_an> okay - will keep an eye out for it 19:14:43 <DavidWHodgins> Any other specific updates anyone would like to discuss? 19:14:52 <wilcal> Not from me 19:15:12 <Luigi12> OK I assigned Tbird 91.1.2 back to QA so it can be validated before 91.2.0 is built 19:15:14 <wilcal> David keeps these things short and sweet :-)) 19:15:22 <DavidWHodgins> :-) 19:15:25 <DavidWHodgins> #topic * Anything else? 19:15:31 <wilcal> nope 19:15:47 <DavidWHodgins> Looks like countdown time 19:15:50 <Guygoye> Nope 19:15:53 <DavidWHodgins> t - 5 19:15:55 <wilcal> See ya next week 19:15:56 <DavidWHodgins> 4 19:15:57 <wilcal> thanks Dav 19:16:00 <DavidWHodgins> 3 19:16:04 <DavidWHodgins> 2 19:16:06 <DavidWHodgins> 1 19:16:13 <DavidWHodgins> Thanks for coming everyone 19:16:18 <DavidWHodgins> #endmeeting