{"update": {"autokarma": true, "autotime": false, "stable_karma": 1, "stable_days": 0, "unstable_karma": -3, "require_bugs": false, "require_testcases": false, "display_name": "", "notes": "Update to 5.2.24: fixes XSS vulnerability CVE-2017-11503.", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2017-07-27 12:21:54", "date_modified": null, "date_approved": null, "date_testing": "2017-07-27 21:55:54", "date_stable": "2017-07-28 14:18:44", "alias": "FEDORA-2017-f838eb0c5e", "test_gating_status": null, "from_tag": null, "date_pushed": "2017-07-28 14:18:44", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2017-f838eb0c5e", "title": "php-PHPMailer-5.2.24-1.fc25", "version_hash": "190394a306e84afe331b9d3b78fe4b148309da9c", "release": {"name": "F25", "long_name": "Fedora 25", "version": "25", "id_prefix": "FEDORA", "branch": "f25", "dist_tag": "f25", "stable_tag": "f25-updates", "testing_tag": "f25-updates-testing", "candidate_tag": "f25-updates-candidate", "pending_signing_tag": "f25-signing-pending", "pending_testing_tag": "f25-updates-testing-pending", "pending_stable_tag": "f25-updates-pending", "override_tag": "f25-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "monnerat", "email": "patrick@monnerat.net", "id": 1154, "avatar": "https://seccdn.libravatar.org/avatar/84108d4c3cb2ee3294a7fe13790a72539be917f80a6a324425a9f12a8c6ea996?s=24&d=retro", "openid": "monnerat.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by monnerat. ", "timestamp": "2017-07-27 12:21:54", "update_id": 93191, "user_id": 91, "id": 640258, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Thanks for the patch! Since You seem to be in the know: the release notes state 'There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default)'...does this mean the default exception handler is not used by default? Is 'default exception handler' just a name here?", "timestamp": "2017-07-27 14:24:10", "update_id": 93191, "user_id": 207, "id": 640285, "bug_feedback": [{"karma": 0, "comment_id": 640285, "bug_id": 1474418, "bug": {"bug_id": 1474418, "title": "CVE-2017-11503 php-PHPMailer: phpmailer: XSS in code_generator.php [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "As I am only the packager for Fedora, please contact upstream for security-related questions.\n... and please login and leave karma here if you are happy with the release. Thank you!", "timestamp": "2017-07-27 14:30:44", "update_id": 93191, "user_id": 1154, "id": 640286, "bug_feedback": [{"karma": 0, "comment_id": 640286, "bug_id": 1474418, "bug": {"bug_id": 1474418, "title": "CVE-2017-11503 php-PHPMailer: phpmailer: XSS in code_generator.php [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "monnerat", "email": "patrick@monnerat.net", "id": 1154, "avatar": "https://seccdn.libravatar.org/avatar/84108d4c3cb2ee3294a7fe13790a72539be917f80a6a324425a9f12a8c6ea996?s=24&d=retro", "openid": "monnerat.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}, {"karma": 0, "karma_critpath": 0, "text": "\"Thanks for the patch!\" was referring to the patch for both XSS issues someone with a name similar to Yours submitted to PHPMailer, sorry for the confusion. Can't really test Fedora environments. The question was meant to be a more general one and I chose the wrong means of communication. Cheers!", "timestamp": "2017-07-27 14:50:59", "update_id": 93191, "user_id": 207, "id": 640291, "bug_feedback": [{"karma": 0, "comment_id": 640291, "bug_id": 1474418, "bug": {"bug_id": 1474418, "title": "CVE-2017-11503 php-PHPMailer: phpmailer: XSS in code_generator.php [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2017-07-27 23:24:23", "update_id": 93191, "user_id": 91, "id": 640465, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "Thank for patch. ", "timestamp": "2017-07-28 06:41:10", "update_id": 93191, "user_id": 3716, "id": 640609, "bug_feedback": [{"karma": 1, "comment_id": 640609, "bug_id": 1474418, "bug": {"bug_id": 1474418, "title": "CVE-2017-11503 php-PHPMailer: phpmailer: XSS in code_generator.php [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "robbinespu", "email": "robbinespu@gmail.com", "id": 3716, "avatar": "https://seccdn.libravatar.org/avatar/258ee83644c338ff784dc1a06130c8c9bcef5629c743a1c71eaab418026b80ba?s=24&d=retro", "openid": "robbinespu.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2017-07-28 06:41:12", "update_id": 93191, "user_id": 91, "id": 640610, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2017-07-28 20:50:07", "update_id": 93191, "user_id": 91, "id": 640851, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "php-PHPMailer-5.2.24-1.fc25", "signed": true, "release_id": 15, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1474418, "title": "CVE-2017-11503 php-PHPMailer: phpmailer: XSS in code_generator.php [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 640285, "bug_id": 1474418, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks for the patch! Since You seem to be in the know: the release notes state 'There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default)'...does this mean the default exception handler is not used by default? Is 'default exception handler' just a name here?", "timestamp": "2017-07-27 14:24:10", "update_id": 93191, "user_id": 207, "id": 640285, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 640286, "bug_id": 1474418, "comment": {"karma": 0, "karma_critpath": 0, "text": "As I am only the packager for Fedora, please contact upstream for security-related questions.\n... and please login and leave karma here if you are happy with the release. Thank you!", "timestamp": "2017-07-27 14:30:44", "update_id": 93191, "user_id": 1154, "id": 640286, "testcase_feedback": [], "user": {"name": "monnerat", "email": "patrick@monnerat.net", "id": 1154, "avatar": "https://seccdn.libravatar.org/avatar/84108d4c3cb2ee3294a7fe13790a72539be917f80a6a324425a9f12a8c6ea996?s=24&d=retro", "openid": "monnerat.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 640291, "bug_id": 1474418, "comment": {"karma": 0, "karma_critpath": 0, "text": "\"Thanks for the patch!\" was referring to the patch for both XSS issues someone with a name similar to Yours submitted to PHPMailer, sorry for the confusion. Can't really test Fedora environments. The question was meant to be a more general one and I chose the wrong means of communication. Cheers!", "timestamp": "2017-07-27 14:50:59", "update_id": 93191, "user_id": 207, "id": 640291, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 1, "comment_id": 640609, "bug_id": 1474418, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank for patch. ", "timestamp": "2017-07-28 06:41:10", "update_id": 93191, "user_id": 3716, "id": 640609, "testcase_feedback": [], "user": {"name": "robbinespu", "email": "robbinespu@gmail.com", "id": 3716, "avatar": "https://seccdn.libravatar.org/avatar/258ee83644c338ff784dc1a06130c8c9bcef5629c743a1c71eaab418026b80ba?s=24&d=retro", "openid": "robbinespu.id.fedoraproject.org", "groups": []}}}, {"karma": 1, "comment_id": 641993, "bug_id": 1474418, "comment": {"karma": 1, "karma_critpath": 0, "text": "LGTM", "timestamp": "2017-08-01 02:52:18", "update_id": 93190, "user_id": 3716, "id": 641993, "testcase_feedback": [], "user": {"name": "robbinespu", "email": "robbinespu@gmail.com", "id": 3716, "avatar": "https://seccdn.libravatar.org/avatar/258ee83644c338ff784dc1a06130c8c9bcef5629c743a1c71eaab418026b80ba?s=24&d=retro", "openid": "robbinespu.id.fedoraproject.org", "groups": []}}}]}], "updateid": "FEDORA-2017-f838eb0c5e", "karma": 1, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}