Security fix for CVE-2018-5732 CVE-2018-5733
sudo dnf upgrade --advisory=FEDORA-2018-5051dbd15e
This update has been submitted for testing by landgraf. This critical path update has not yet been approved for pushing to the stable repository. It must first reach a karma of 2, consisting of 0 positive karma from proventesters, along with 2 additional karma from the community. Or, it must spend 14 days in testing without any negative feedback Additionally, it must pass automated tests..
This update has been pushed to testing.
no regressions noted
works for me
This update has been submitted for batched by bodhi.
This update has been submitted for stable by landgraf.
This update has been pushed to stable.
@landgraf: was this update originally labelled as security/urgent? I see that it went through batched and spent two days there, which shouldn't have happened if it was marked as urgent.
"security update in Fedora 27 for dhcp". Does it answer your question?
No really. "security" is the "type", but I'm asking about the "severity" field. It is now "urgent", but was it so when the update was initially submitted?
Well you've asked if the update was marked as security and the answer is "yes it was"
fedpkg update template doesn't have severity field in default template nor in one suggested by security team https://bugzilla.redhat.com/show_bug.cgi?id=1550246#c1 and not everybody uses bodhi UI.
I hope it answers your questions. Even more all information available at the right side of this page (FEDORA-2018-5051dbd15e ) and it says :
So I don't understand why you keep asking for information you can find yourself very easily.
Just to make thing clear. I've not change neither type nor update after update was submitted.
OK, thanks. So that looks like a bug. Karma threshold is +3, and it was reached 6 days ago, according to the log above, and the package was submitted to batched. But it should have been submitted to stable automatically. For some reason that didn't happen, until you did that three days later.
I've seen discussion in f-devel@
Right, I was wondering as well but didn't have time to investigate/report this taking into account two more CVEs in mailman. Is it possible that Critpath flag affects it somehow?
@zbyszek The answer about the Severity field: It was not set when the update was filed, I have updated this to Urgent after looking at the security teams' assessment of the attached security bugs to make sure it went out.
Please login to add feedback.
Confirm request to re-trigger tests.
Copyright © 2007-2019 Red Hat, Inc. and
bodhi is Free Software.
if you have any problems. Read the documentation.