{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "- CVE-2019-8907 - remote denial of service in do_core_note in readelf.c\n- CVE-2019-8905 - stack-based buffer over-read in do_core_note in readelf.c\n- CVE-2019-8904 - stack-based buffer over-read in do_bid_note in readelf.c\n- CVE-2019-8906 - out-of-bounds read in do_core_note in readelf.c", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": true, "critpath_groups": null, "close_bugs": true, "date_submitted": "2019-02-25 12:54:36", "date_modified": null, "date_approved": null, "date_testing": "2019-02-26 04:10:46", "date_stable": "2019-03-01 02:37:52", "alias": "FEDORA-2019-15f5147b27", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2019-03-01 02:37:52", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2019-15f5147b27", "title": "file-5.34-12.fc29", "version_hash": "03951cb3cbc4fea091226a9e0decc221b176266b", "release": {"name": "F29", "long_name": "Fedora 29", "version": "29", "id_prefix": "FEDORA", "branch": "f29", "dist_tag": "f29", "stable_tag": "f29-updates", "testing_tag": "f29-updates-testing", "candidate_tag": "f29-updates-candidate", "pending_signing_tag": "f29-signing-pending", "pending_testing_tag": "f29-updates-testing-pending", "pending_stable_tag": "f29-updates-pending", "override_tag": "f29-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "kdudka", "email": "kdudka@redhat.com", "id": 576, "avatar": "https://seccdn.libravatar.org/avatar/81b8a3402cb4e17c69f622fa0a54731bb27b625f8fbd396a7583318619a15395?s=24&d=retro", "openid": "kdudka.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "gitcgt"}, {"name": "gitcsmock"}, {"name": "gitnsspem"}, {"name": "fedorabugs"}, {"name": "aufover"}, {"name": "gitcscppc"}, {"name": "signed_fpca"}, {"name": "ipausers"}, {"name": "gitcswrap"}, {"name": "gitcodescan-diff"}, {"name": "fedora-contributor"}, {"name": "openscanhub"}, {"name": "trust admins"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by kdudka. ", "timestamp": "2019-02-25 12:54:36", "update_id": 132375, "user_id": 91, "id": 899881, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2019-02-26 04:11:40", "update_id": 132375, "user_id": 91, "id": 900288, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "Works great!  LGTM!  =)", "timestamp": "2019-02-27 07:22:48", "update_id": 132375, "user_id": 206, "id": 900955, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "besser82", "email": "besser82.fpo@gmail.com", "id": 206, "avatar": "https://seccdn.libravatar.org/avatar/28bacfa3be75032390ac2c7a34599aeb825c3b62b2c55ef64821d2fc023b56cb?s=24&d=retro", "openid": "besser82.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "designteam"}, {"name": "shogun-ca"}, {"name": "alt-gtk-de-sig"}]}}, {"karma": 1, "karma_critpath": 1, "text": "Works for me", "timestamp": "2019-02-27 09:53:55", "update_id": 132375, "user_id": 4616, "id": 900971, "bug_feedback": [{"karma": 0, "comment_id": 900971, "bug_id": 1679139, "bug": {"bug_id": 1679139, "title": "CVE-2019-8907 file: do_core_note in readelf.c allows remote attackers to cause a denial of service [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 900971, "bug_id": 1679176, "bug": {"bug_id": 1679176, "title": "CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 900971, "bug_id": 1679182, "bug": {"bug_id": 1679182, "title": "CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 900971, "bug_id": 1679189, "bug": {"bug_id": 1679189, "title": "CVE-2019-8904 file: stack-based buffer over-read in do_bid_note in readelf.c [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "pcw", "email": "mail@pcwhite.com", "id": 4616, "avatar": "https://seccdn.libravatar.org/avatar/d7738f90f4dd43a6a885c2186c1c125d1a619d01411091d2a8ce7147bd946af0?s=24&d=retro", "openid": "pcw.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "works for me", "timestamp": "2019-02-27 21:26:08", "update_id": 132375, "user_id": 739, "id": 901117, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "cserpentis", "email": "cserpentis@gmail.com", "id": 739, "avatar": "https://seccdn.libravatar.org/avatar/a3febfef42f58ed535f3c3a3cf9743653cd774dbb6e4554e2ce7c847d9802b6c?s=24&d=retro", "openid": "cserpentis.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for batched by bodhi. ", "timestamp": "2019-02-27 21:26:09", "update_id": 132375, "user_id": 91, "id": 901118, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Thank you for testing the update!", "timestamp": "2019-02-27 22:11:42", "update_id": 132375, "user_id": 576, "id": 901145, "bug_feedback": [{"karma": 0, "comment_id": 901145, "bug_id": 1679139, "bug": {"bug_id": 1679139, "title": "CVE-2019-8907 file: do_core_note in readelf.c allows remote attackers to cause a denial of service [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 901145, "bug_id": 1679176, "bug": {"bug_id": 1679176, "title": "CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 901145, "bug_id": 1679182, "bug": {"bug_id": 1679182, "title": "CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 901145, "bug_id": 1679189, "bug": {"bug_id": 1679189, "title": "CVE-2019-8904 file: stack-based buffer over-read in do_bid_note in readelf.c [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "kdudka", "email": "kdudka@redhat.com", "id": 576, "avatar": "https://seccdn.libravatar.org/avatar/81b8a3402cb4e17c69f622fa0a54731bb27b625f8fbd396a7583318619a15395?s=24&d=retro", "openid": "kdudka.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "gitcgt"}, {"name": "gitcsmock"}, {"name": "gitnsspem"}, {"name": "fedorabugs"}, {"name": "aufover"}, {"name": "gitcscppc"}, {"name": "signed_fpca"}, {"name": "ipausers"}, {"name": "gitcswrap"}, {"name": "gitcodescan-diff"}, {"name": "fedora-contributor"}, {"name": "openscanhub"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Bodhi is unable to request this update for stabilization: unable to obtain a session", "timestamp": "2019-02-27 23:46:04", "update_id": 132375, "user_id": 91, "id": 901184, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2019-02-28 23:46:41", "update_id": 132375, "user_id": 91, "id": 901622, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2019-03-01 02:39:32", "update_id": 132375, "user_id": 91, "id": 901697, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "file-5.34-12.fc29", "signed": true, "release_id": 23, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1679139, "title": "CVE-2019-8907 file: do_core_note in readelf.c allows remote attackers to cause a denial of service [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 900971, "bug_id": 1679139, "comment": {"karma": 1, "karma_critpath": 1, "text": "Works for me", "timestamp": "2019-02-27 09:53:55", "update_id": 132375, "user_id": 4616, "id": 900971, "testcase_feedback": [], "user": {"name": "pcw", "email": "mail@pcwhite.com", "id": 4616, "avatar": "https://seccdn.libravatar.org/avatar/d7738f90f4dd43a6a885c2186c1c125d1a619d01411091d2a8ce7147bd946af0?s=24&d=retro", "openid": "pcw.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 901145, "bug_id": 1679139, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for testing the update!", "timestamp": "2019-02-27 22:11:42", "update_id": 132375, "user_id": 576, "id": 901145, "testcase_feedback": [], "user": {"name": "kdudka", "email": "kdudka@redhat.com", "id": 576, "avatar": "https://seccdn.libravatar.org/avatar/81b8a3402cb4e17c69f622fa0a54731bb27b625f8fbd396a7583318619a15395?s=24&d=retro", "openid": "kdudka.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "gitcgt"}, {"name": "gitcsmock"}, {"name": "gitnsspem"}, {"name": "fedorabugs"}, {"name": "aufover"}, {"name": "gitcscppc"}, {"name": "signed_fpca"}, {"name": "ipausers"}, {"name": "gitcswrap"}, {"name": "gitcodescan-diff"}, {"name": "fedora-contributor"}, {"name": "openscanhub"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 902005, "bug_id": 1679139, "comment": {"karma": 1, "karma_critpath": 0, "text": "no regressions noted", "timestamp": "2019-03-01 18:29:29", "update_id": 132376, "user_id": 2998, "id": 902005, "testcase_feedback": [], "user": {"name": "samoht0", "email": "samoht0-bugzilla@yahoo.com", "id": 2998, "avatar": "https://seccdn.libravatar.org/avatar/4a429e081c6c9f7b9d9cd4a3f4037fc93517c13e17258f8549f2d2f85f0912e7?s=24&d=retro", "openid": "samoht0.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 906498, "bug_id": 1679139, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for testing the update!", "timestamp": "2019-03-11 14:35:52", "update_id": 132376, "user_id": 576, "id": 906498, "testcase_feedback": [], "user": {"name": "kdudka", "email": "kdudka@redhat.com", "id": 576, "avatar": "https://seccdn.libravatar.org/avatar/81b8a3402cb4e17c69f622fa0a54731bb27b625f8fbd396a7583318619a15395?s=24&d=retro", "openid": "kdudka.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "gitcgt"}, {"name": "gitcsmock"}, {"name": "gitnsspem"}, {"name": "fedorabugs"}, {"name": "aufover"}, {"name": "gitcscppc"}, {"name": "signed_fpca"}, {"name": "ipausers"}, {"name": "gitcswrap"}, {"name": "gitcodescan-diff"}, {"name": "fedora-contributor"}, {"name": "openscanhub"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1679176, "title": "CVE-2019-8906 file: out-of-bounds read in do_core_note in readelf.c [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 900971, "bug_id": 1679176, "comment": {"karma": 1, "karma_critpath": 1, "text": "Works for me", "timestamp": "2019-02-27 09:53:55", "update_id": 132375, "user_id": 4616, "id": 900971, "testcase_feedback": [], "user": {"name": "pcw", "email": "mail@pcwhite.com", "id": 4616, "avatar": "https://seccdn.libravatar.org/avatar/d7738f90f4dd43a6a885c2186c1c125d1a619d01411091d2a8ce7147bd946af0?s=24&d=retro", "openid": "pcw.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 901145, "bug_id": 1679176, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for testing the update!", "timestamp": "2019-02-27 22:11:42", "update_id": 132375, "user_id": 576, "id": 901145, "testcase_feedback": [], "user": {"name": "kdudka", "email": "kdudka@redhat.com", "id": 576, "avatar": "https://seccdn.libravatar.org/avatar/81b8a3402cb4e17c69f622fa0a54731bb27b625f8fbd396a7583318619a15395?s=24&d=retro", "openid": "kdudka.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "gitcgt"}, {"name": "gitcsmock"}, {"name": "gitnsspem"}, {"name": "fedorabugs"}, {"name": "aufover"}, {"name": "gitcscppc"}, {"name": "signed_fpca"}, {"name": "ipausers"}, {"name": "gitcswrap"}, {"name": "gitcodescan-diff"}, {"name": "fedora-contributor"}, {"name": "openscanhub"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 902005, "bug_id": 1679176, "comment": {"karma": 1, "karma_critpath": 0, "text": "no regressions noted", "timestamp": "2019-03-01 18:29:29", "update_id": 132376, "user_id": 2998, "id": 902005, "testcase_feedback": [], "user": {"name": "samoht0", "email": "samoht0-bugzilla@yahoo.com", "id": 2998, "avatar": "https://seccdn.libravatar.org/avatar/4a429e081c6c9f7b9d9cd4a3f4037fc93517c13e17258f8549f2d2f85f0912e7?s=24&d=retro", "openid": "samoht0.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 906498, "bug_id": 1679176, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for testing the update!", "timestamp": "2019-03-11 14:35:52", "update_id": 132376, "user_id": 576, "id": 906498, "testcase_feedback": [], "user": {"name": "kdudka", "email": "kdudka@redhat.com", "id": 576, "avatar": "https://seccdn.libravatar.org/avatar/81b8a3402cb4e17c69f622fa0a54731bb27b625f8fbd396a7583318619a15395?s=24&d=retro", "openid": "kdudka.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "gitcgt"}, {"name": "gitcsmock"}, {"name": "gitnsspem"}, {"name": "fedorabugs"}, {"name": "aufover"}, {"name": "gitcscppc"}, {"name": "signed_fpca"}, {"name": "ipausers"}, {"name": "gitcswrap"}, {"name": "gitcodescan-diff"}, {"name": "fedora-contributor"}, {"name": "openscanhub"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1679182, "title": "CVE-2019-8905 file: stack-based buffer over-read in do_core_note in readelf.c [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 900971, "bug_id": 1679182, "comment": {"karma": 1, "karma_critpath": 1, "text": "Works for me", "timestamp": "2019-02-27 09:53:55", "update_id": 132375, "user_id": 4616, "id": 900971, "testcase_feedback": [], "user": {"name": "pcw", "email": "mail@pcwhite.com", "id": 4616, "avatar": "https://seccdn.libravatar.org/avatar/d7738f90f4dd43a6a885c2186c1c125d1a619d01411091d2a8ce7147bd946af0?s=24&d=retro", "openid": "pcw.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 901145, "bug_id": 1679182, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for testing the update!", "timestamp": "2019-02-27 22:11:42", "update_id": 132375, "user_id": 576, "id": 901145, "testcase_feedback": [], "user": {"name": "kdudka", "email": "kdudka@redhat.com", "id": 576, "avatar": "https://seccdn.libravatar.org/avatar/81b8a3402cb4e17c69f622fa0a54731bb27b625f8fbd396a7583318619a15395?s=24&d=retro", "openid": "kdudka.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "gitcgt"}, {"name": "gitcsmock"}, {"name": "gitnsspem"}, {"name": "fedorabugs"}, {"name": "aufover"}, {"name": "gitcscppc"}, {"name": "signed_fpca"}, {"name": "ipausers"}, {"name": "gitcswrap"}, {"name": "gitcodescan-diff"}, {"name": "fedora-contributor"}, {"name": "openscanhub"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 902005, "bug_id": 1679182, "comment": {"karma": 1, "karma_critpath": 0, "text": "no regressions noted", "timestamp": "2019-03-01 18:29:29", "update_id": 132376, "user_id": 2998, "id": 902005, "testcase_feedback": [], "user": {"name": "samoht0", "email": "samoht0-bugzilla@yahoo.com", "id": 2998, "avatar": "https://seccdn.libravatar.org/avatar/4a429e081c6c9f7b9d9cd4a3f4037fc93517c13e17258f8549f2d2f85f0912e7?s=24&d=retro", "openid": "samoht0.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 906498, "bug_id": 1679182, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for testing the update!", "timestamp": "2019-03-11 14:35:52", "update_id": 132376, "user_id": 576, "id": 906498, "testcase_feedback": [], "user": {"name": "kdudka", "email": "kdudka@redhat.com", "id": 576, "avatar": "https://seccdn.libravatar.org/avatar/81b8a3402cb4e17c69f622fa0a54731bb27b625f8fbd396a7583318619a15395?s=24&d=retro", "openid": "kdudka.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "gitcgt"}, {"name": "gitcsmock"}, {"name": "gitnsspem"}, {"name": "fedorabugs"}, {"name": "aufover"}, {"name": "gitcscppc"}, {"name": "signed_fpca"}, {"name": "ipausers"}, {"name": "gitcswrap"}, {"name": "gitcodescan-diff"}, {"name": "fedora-contributor"}, {"name": "openscanhub"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1679189, "title": "CVE-2019-8904 file: stack-based buffer over-read in do_bid_note in readelf.c [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 900971, "bug_id": 1679189, "comment": {"karma": 1, "karma_critpath": 1, "text": "Works for me", "timestamp": "2019-02-27 09:53:55", "update_id": 132375, "user_id": 4616, "id": 900971, "testcase_feedback": [], "user": {"name": "pcw", "email": "mail@pcwhite.com", "id": 4616, "avatar": "https://seccdn.libravatar.org/avatar/d7738f90f4dd43a6a885c2186c1c125d1a619d01411091d2a8ce7147bd946af0?s=24&d=retro", "openid": "pcw.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 901145, "bug_id": 1679189, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thank you for testing the update!", "timestamp": "2019-02-27 22:11:42", "update_id": 132375, "user_id": 576, "id": 901145, "testcase_feedback": [], "user": {"name": "kdudka", "email": "kdudka@redhat.com", "id": 576, "avatar": "https://seccdn.libravatar.org/avatar/81b8a3402cb4e17c69f622fa0a54731bb27b625f8fbd396a7583318619a15395?s=24&d=retro", "openid": "kdudka.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "gitcgt"}, {"name": "gitcsmock"}, {"name": "gitnsspem"}, {"name": "fedorabugs"}, {"name": "aufover"}, {"name": "gitcscppc"}, {"name": "signed_fpca"}, {"name": "ipausers"}, {"name": "gitcswrap"}, {"name": "gitcodescan-diff"}, {"name": "fedora-contributor"}, {"name": "openscanhub"}, {"name": "trust admins"}]}}}]}], "updateid": "FEDORA-2019-15f5147b27", "karma": 3, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}