{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Update to xerces-c 3.1.4, fixing CVE-2016-2099 and CVE-2016-4463", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2016-06-30 07:44:14", "date_modified": null, "date_approved": null, "date_testing": "2016-06-30 21:40:06", "date_stable": "2016-07-02 13:28:24", "alias": "FEDORA-2016-9284772686", "test_gating_status": null, "from_tag": null, "date_pushed": "2016-07-02 13:28:24", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2016-9284772686", "title": "xerces-c-3.1.4-1.fc24", "version_hash": "1c4bf00938e82fdd5b04cb33aafa0569bac63139", "release": {"name": "F24", "long_name": "Fedora 24", "version": "24", "id_prefix": "FEDORA", "branch": "f24", "dist_tag": "f24", "stable_tag": "f24-updates", "testing_tag": "f24-updates-testing", "candidate_tag": "f24-updates-candidate", "pending_signing_tag": "f24-signing-pending", "pending_testing_tag": "f24-updates-testing-pending", "pending_stable_tag": "f24-updates-pending", "override_tag": "f24-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "kalev", "email": "klember@redhat.com", "id": 285, "avatar": "https://seccdn.libravatar.org/avatar/1105ed098c11649b8ff3db479b7a7585e47ce1e6a93139c2989b37fa89f808ad?s=24&d=retro", "openid": "kalev.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "provenpackager"}, {"name": "gnome-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "gitspin-kickstarts"}, {"name": "rust-sig"}, {"name": "hosted-content"}, {"name": "flatpak-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by kalev. ", "timestamp": "2016-06-30 07:44:14", "update_id": 61586, "user_id": 91, "id": 452855, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2016-06-30 22:27:19", "update_id": 61586, "user_id": 91, "id": 453107, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "works for me", "timestamp": "2016-07-01 05:48:50", "update_id": 61586, "user_id": 739, "id": 453275, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "cserpentis", "email": "cserpentis@gmail.com", "id": 739, "avatar": "https://seccdn.libravatar.org/avatar/a3febfef42f58ed535f3c3a3cf9743653cd774dbb6e4554e2ce7c847d9802b6c?s=24&d=retro", "openid": "cserpentis.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}, {"karma": 1, "karma_critpath": 0, "text": "looks good", "timestamp": "2016-07-01 15:15:26", "update_id": 61586, "user_id": 262, "id": 453460, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "pnemade", "email": "pnemade@redhat.com", "id": 262, "avatar": "https://seccdn.libravatar.org/avatar/c383fc71de1d229226557da629fa64c03ff81abf117d5c2980ed7b86d56fbc3d?s=24&d=retro", "openid": "pnemade.id.fedoraproject.org", "groups": [{"name": "provenpackager"}, {"name": "packager"}, {"name": "giti18n"}, {"name": "gitinscript2"}, {"name": "gitwordxtr"}, {"name": "gityum-langpacks"}, {"name": "svnsystem-config-language"}, {"name": "ipausers"}, {"name": "gitutrrs-web"}, {"name": "svnlohit"}, {"name": "fedora-contributor"}, {"name": "svniok"}, {"name": "fedorabugs"}, {"name": "signed_fpca"}, {"name": "gitiok2"}, {"name": "gitfontpackages"}, {"name": "gitredhatlsb"}, {"name": "cla_redhat"}, {"name": "cvslohit-fonts"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2016-07-01 15:26:51", "update_id": 61586, "user_id": 91, "id": 453474, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "looks good", "timestamp": "2016-07-01 15:26:54", "update_id": 61586, "user_id": 2966, "id": 453475, "bug_feedback": [{"karma": 0, "comment_id": 453475, "bug_id": 1351467, "bug": {"bug_id": 1351467, "title": "CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 453475, "bug_id": 1348845, "bug": {"bug_id": 1348845, "title": "CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD", "security": true, "parent": true}}, {"karma": 0, "comment_id": 453475, "bug_id": 1334686, "bug": {"bug_id": 1334686, "title": "CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 453475, "bug_id": 1310699, "bug": {"bug_id": 1310699, "title": "CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input", "security": true, "parent": true}}], "testcase_feedback": [], "user": {"name": "kmyid", "email": "kwang.m.yi@gmail.com", "id": 2966, "avatar": "https://seccdn.libravatar.org/avatar/cac28096c2807c95a46757bb00b1c1015253ab58fea3c3a5a0a1df70c801b66e?s=24&d=retro", "openid": "kmyid.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2016-07-02 15:29:42", "update_id": 61586, "user_id": 91, "id": 453729, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "xerces-c-3.1.4-1.fc24", "signed": true, "release_id": 14, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1310699, "title": "CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 453475, "bug_id": 1310699, "comment": {"karma": 1, "karma_critpath": 0, "text": "looks good", "timestamp": "2016-07-01 15:26:54", "update_id": 61586, "user_id": 2966, "id": 453475, "testcase_feedback": [], "user": {"name": "kmyid", "email": "kwang.m.yi@gmail.com", "id": 2966, "avatar": "https://seccdn.libravatar.org/avatar/cac28096c2807c95a46757bb00b1c1015253ab58fea3c3a5a0a1df70c801b66e?s=24&d=retro", "openid": "kmyid.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 454705, "bug_id": 1310699, "comment": {"karma": 1, "karma_critpath": 0, "text": "LGTM", "timestamp": "2016-07-04 22:50:04", "update_id": 61589, "user_id": 2944, "id": 454705, "testcase_feedback": [], "user": {"name": "manik1596", "email": "mahajan.manik96@gmail.com", "id": 2944, "avatar": "https://seccdn.libravatar.org/avatar/397fff9b45d604a38eeaf6c70131f48151a9e121d80a677ca708e64dece204b5?s=24&d=retro", "openid": "manik1596.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 454706, "bug_id": 1310699, "comment": {"karma": 1, "karma_critpath": 0, "text": "LGTM", "timestamp": "2016-07-04 22:51:29", "update_id": 61589, "user_id": 2944, "id": 454706, "testcase_feedback": [], "user": {"name": "manik1596", "email": "mahajan.manik96@gmail.com", "id": 2944, "avatar": "https://seccdn.libravatar.org/avatar/397fff9b45d604a38eeaf6c70131f48151a9e121d80a677ca708e64dece204b5?s=24&d=retro", "openid": "manik1596.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 455042, "bug_id": 1310699, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2016-07-05 12:57:35", "update_id": 61584, "user_id": 491, "id": 455042, "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 455044, "bug_id": 1310699, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2016-07-05 12:58:14", "update_id": 61585, "user_id": 491, "id": 455044, "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 455046, "bug_id": 1310699, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2016-07-05 12:58:46", "update_id": 61590, "user_id": 491, "id": 455046, "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 455048, "bug_id": 1310699, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2016-07-05 12:58:58", "update_id": 61588, "user_id": 491, "id": 455048, "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1334686, "title": "CVE-2016-2099 xerces-c: Use-after-free in heap on specially crafted XML input [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 453475, "bug_id": 1334686, "comment": {"karma": 1, "karma_critpath": 0, "text": "looks good", "timestamp": "2016-07-01 15:26:54", "update_id": 61586, "user_id": 2966, "id": 453475, "testcase_feedback": [], "user": {"name": "kmyid", "email": "kwang.m.yi@gmail.com", "id": 2966, "avatar": "https://seccdn.libravatar.org/avatar/cac28096c2807c95a46757bb00b1c1015253ab58fea3c3a5a0a1df70c801b66e?s=24&d=retro", "openid": "kmyid.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 455042, "bug_id": 1334686, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2016-07-05 12:57:35", "update_id": 61584, "user_id": 491, "id": 455042, "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 455044, "bug_id": 1334686, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2016-07-05 12:58:14", "update_id": 61585, "user_id": 491, "id": 455044, "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1348845, "title": "CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 453475, "bug_id": 1348845, "comment": {"karma": 1, "karma_critpath": 0, "text": "looks good", "timestamp": "2016-07-01 15:26:54", "update_id": 61586, "user_id": 2966, "id": 453475, "testcase_feedback": [], "user": {"name": "kmyid", "email": "kwang.m.yi@gmail.com", "id": 2966, "avatar": "https://seccdn.libravatar.org/avatar/cac28096c2807c95a46757bb00b1c1015253ab58fea3c3a5a0a1df70c801b66e?s=24&d=retro", "openid": "kmyid.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 454705, "bug_id": 1348845, "comment": {"karma": 1, "karma_critpath": 0, "text": "LGTM", "timestamp": "2016-07-04 22:50:04", "update_id": 61589, "user_id": 2944, "id": 454705, "testcase_feedback": [], "user": {"name": "manik1596", "email": "mahajan.manik96@gmail.com", "id": 2944, "avatar": "https://seccdn.libravatar.org/avatar/397fff9b45d604a38eeaf6c70131f48151a9e121d80a677ca708e64dece204b5?s=24&d=retro", "openid": "manik1596.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 454706, "bug_id": 1348845, "comment": {"karma": 1, "karma_critpath": 0, "text": "LGTM", "timestamp": "2016-07-04 22:51:29", "update_id": 61589, "user_id": 2944, "id": 454706, "testcase_feedback": [], "user": {"name": "manik1596", "email": "mahajan.manik96@gmail.com", "id": 2944, "avatar": "https://seccdn.libravatar.org/avatar/397fff9b45d604a38eeaf6c70131f48151a9e121d80a677ca708e64dece204b5?s=24&d=retro", "openid": "manik1596.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 455042, "bug_id": 1348845, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2016-07-05 12:57:35", "update_id": 61584, "user_id": 491, "id": 455042, "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 455044, "bug_id": 1348845, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2016-07-05 12:58:14", "update_id": 61585, "user_id": 491, "id": 455044, "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 455046, "bug_id": 1348845, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2016-07-05 12:58:46", "update_id": 61590, "user_id": 491, "id": 455046, "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 455048, "bug_id": 1348845, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2016-07-05 12:58:58", "update_id": 61588, "user_id": 491, "id": 455048, "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1351467, "title": "CVE-2016-4463 xerces-c: Stack overflow when parsing deeply nested DTD [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 453475, "bug_id": 1351467, "comment": {"karma": 1, "karma_critpath": 0, "text": "looks good", "timestamp": "2016-07-01 15:26:54", "update_id": 61586, "user_id": 2966, "id": 453475, "testcase_feedback": [], "user": {"name": "kmyid", "email": "kwang.m.yi@gmail.com", "id": 2966, "avatar": "https://seccdn.libravatar.org/avatar/cac28096c2807c95a46757bb00b1c1015253ab58fea3c3a5a0a1df70c801b66e?s=24&d=retro", "openid": "kmyid.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 455042, "bug_id": 1351467, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2016-07-05 12:57:35", "update_id": 61584, "user_id": 491, "id": 455042, "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 455044, "bug_id": 1351467, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2016-07-05 12:58:14", "update_id": 61585, "user_id": 491, "id": 455044, "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}]}], "updateid": "FEDORA-2016-9284772686", "karma": 3, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}