{"update": {"autokarma": false, "autotime": false, "stable_karma": 1, "stable_days": 7, "unstable_karma": -10, "require_bugs": false, "require_testcases": false, "display_name": "", "notes": "This update fixes **CVE-2019-14744 (kconfig arbitrary shell code execution)** in the KDE 3 compatibility version of kdelibs used by legacy KDE 3 applications.\n\nThe full list of fixes in this `kdelibs3` build:\n\n* fixes **CVE-2019-14744** - `kconfig`: malicious `.desktop` files (and others) would execute code. KConfig had a well-meaning feature that allowed configuration files to execute arbitrary shell commands. Unfortunately, this could be abused by untrusted `.desktop` files to execute arbitrary code as the target user, without the user even running the `.desktop` file. Therefore, this update removes that ill-fated feature. (Backported by Kevin Kofler from upstream: `kf5-kconfig` fix by David Faure, `kdelibs` 4 backport by Kai Uwe Broulik.)\n* adds native support for **xdg-user-dirs** for *Desktop* and *Documents*, without shelling out to `xdg-user-dir` from the config file. This is needed due to the above security fix. (This feature was previously implemented in the Fedora `kde-settings` by shelling out to `xdg-user-dir` from the config file using the KConfig feature removed above.) (Backported by Kevin Kofler from Trinity Desktop / Timothy Pearson.)\n* fixes a **KJS double-free** that could crash legacy KDE 3 applications such as Quanta Plus when trying to execute JavaScript. (Backported by OpenSUSE / Wolfgang Bauer from Trinity Desktop / Timothy Pearson.)\n", "type": "security", "status": "stable", "request": null, "severity": "urgent", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": false, "date_submitted": "2019-08-10 18:42:52", "date_modified": "2019-08-12 11:38:30", "date_approved": null, "date_testing": "2019-08-11 01:22:27", "date_stable": "2019-08-19 02:28:49", "alias": "FEDORA-2019-9f2ee52c88", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2019-08-19 02:28:49", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2019-9f2ee52c88", "title": "kdelibs3-3.5.10-101.fc29", "version_hash": "119014d3f36d2bc74a88a125d3b8ed15f87689af", "release": {"name": "F29", "long_name": "Fedora 29", "version": "29", "id_prefix": "FEDORA", "branch": "f29", "dist_tag": "f29", "stable_tag": "f29-updates", "testing_tag": "f29-updates-testing", "candidate_tag": "f29-updates-candidate", "pending_signing_tag": "f29-signing-pending", "pending_testing_tag": "f29-updates-testing-pending", "pending_stable_tag": "f29-updates-pending", "override_tag": "f29-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "kkofler", "email": "kevin@tigcc.ticalc.org", "id": 886, "avatar": "https://seccdn.libravatar.org/avatar/8cd5027da3b6de8f3563cfd2fbb00330466a933ccda53eb004f13303a8c6dea9?s=24&d=retro", "openid": "kkofler.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "gitspin-kickstarts"}, {"name": "svnkde-settings"}, {"name": "svnfedora-kde-artwork"}, {"name": "gitthemes"}, {"name": "art"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by kkofler. ", "timestamp": "2019-08-10 18:42:53", "update_id": 146266, "user_id": 91, "id": 993868, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2019-08-10 18:42:53", "update_id": 146266, "user_id": 91, "id": 993869, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2019-08-10 18:42:58", "update_id": 146266, "user_id": 91, "id": 993873, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2019-08-11 01:23:10", "update_id": 146266, "user_id": 91, "id": 994085, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'greenwave_failed'.", "timestamp": "2019-08-12 08:11:28", "update_id": 146266, "user_id": 91, "id": 995780, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2019-08-12 08:42:06", "update_id": 146266, "user_id": 91, "id": 996189, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "kkofler edited this update.", "timestamp": "2019-08-12 11:38:30", "update_id": 146266, "user_id": 91, "id": 998397, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2019-08-18 01:24:30", "update_id": 146266, "user_id": 91, "id": 1005006, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by kkofler. ", "timestamp": "2019-08-18 02:21:03", "update_id": 146266, "user_id": 91, "id": 1005021, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2019-08-19 02:29:31", "update_id": 146266, "user_id": 91, "id": 1005721, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "kdelibs3-3.5.10-101.fc29", "signed": true, "release_id": 23, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1740138, "title": "CVE-2019-14744 kdelibs: malicious desktop files and configuration files lead to code execution with minimal user interaction", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1000088, "bug_id": 1740138, "comment": {"karma": 1, "karma_critpath": 0, "text": "works for me", "timestamp": "2019-08-13 18:01:41", "update_id": 146885, "user_id": 2998, "id": 1000088, "testcase_feedback": [], "user": {"name": "samoht0", "email": "samoht0-bugzilla@yahoo.com", "id": 2998, "avatar": "https://seccdn.libravatar.org/avatar/4a429e081c6c9f7b9d9cd4a3f4037fc93517c13e17258f8549f2d2f85f0912e7?s=24&d=retro", "openid": "samoht0.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 1000171, "bug_id": 1740138, "comment": {"karma": 1, "karma_critpath": 1, "text": "Works for me..", "timestamp": "2019-08-13 20:05:24", "update_id": 146885, "user_id": 449, "id": 1000171, "testcase_feedback": [], "user": {"name": "g6avk", "email": "colin.thomson@g6avk.co.uk", "id": 449, "avatar": "https://seccdn.libravatar.org/avatar/a9a8954c462d35fa59f7eeec4e480384f9d1ec0271262a4530bfbf09340120f5?s=24&d=retro", "openid": "g6avk.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}]}], "updateid": "FEDORA-2019-9f2ee52c88", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}