{"update": {"autokarma": true, "autotime": true, "stable_karma": 1, "stable_days": 7, "unstable_karma": -1, "require_bugs": true, "require_testcases": false, "display_name": "", "notes": "Update to 3.8.8. Security fix for CVE-2021-23336.\n", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2021-02-20 19:57:00", "date_modified": "2021-02-20 19:58:42", "date_approved": null, "date_testing": "2021-02-21 01:02:05", "date_stable": "2021-02-24 20:38:52", "alias": "FEDORA-2021-7d3a9004e2", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2021-02-24 20:38:52", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2021-7d3a9004e2", "title": "python3.8-3.8.8-1.fc33", "version_hash": "b7260b12cf0672a5a292fb4d62b2f31dc7fb420f", "release": {"name": "F33", "long_name": "Fedora 33", "version": "33", "id_prefix": "FEDORA", "branch": "f33", "dist_tag": "f33", "stable_tag": "f33-updates", "testing_tag": "f33-updates-testing", "candidate_tag": "f33-updates-candidate", "pending_signing_tag": "f33-signing-pending", "pending_testing_tag": "f33-updates-testing-pending", "pending_stable_tag": "f33-updates-pending", "override_tag": "f33-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "churchyard", "email": "mhroncok@redhat.com", "id": 533, "avatar": "https://seccdn.libravatar.org/avatar/e221b70024cf971d8b43de0260d2babde9179cdf72605bf3168420e3efe07423?s=24&d=retro", "openid": "churchyard.id.fedoraproject.org", "groups": [{"name": "provenpackager"}, {"name": "packager"}, {"name": "python-sig"}, {"name": "signed_fpca"}, {"name": "3d-printing-sig"}, {"name": "python-packagers-sig"}, {"name": "fedora-contributor"}, {"name": "sysadmin-badges"}, {"name": "ipausers"}, {"name": "sysadmin"}, {"name": "lua-packagers-sig"}, {"name": "fedorabugs"}, {"name": "cvsadmin"}, {"name": "ambassadors"}, {"name": "packaging-committee"}, {"name": "advocates"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by churchyard. ", "timestamp": "2021-02-20 19:57:00", "update_id": 285690, "user_id": 91, "id": 1897705, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-02-20 19:57:01", "update_id": 285690, "user_id": 91, "id": 1897706, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2021-02-20 19:57:01", "update_id": 285690, "user_id": 91, "id": 1897707, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "churchyard edited this update.", "timestamp": "2021-02-20 19:58:41", "update_id": 285690, "user_id": 91, "id": 1897711, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-02-20 19:58:42", "update_id": 285690, "user_id": 91, "id": 1897712, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2021-02-21 01:02:45", "update_id": 285690, "user_id": 91, "id": 1898083, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "Works well and fixes the CVE.", "timestamp": "2021-02-22 08:24:06", "update_id": 285690, "user_id": 2936, "id": 1899564, "bug_feedback": [{"karma": 1, "comment_id": 1899564, "bug_id": 1928904, "bug": {"bug_id": 1928904, "title": "CVE-2021-23336 python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters", "security": true, "parent": true}}, {"karma": 1, "comment_id": 1899564, "bug_id": 1928920, "bug": {"bug_id": 1928920, "title": "CVE-2021-23336 python3.8: python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "lbalhar", "email": "lbalhar@redhat.com", "id": 2936, "avatar": "https://seccdn.libravatar.org/avatar/789052d5e25db3b2c36725adeaa296f78df20334671edbb69ba42f419e1bfac4?s=24&d=retro", "openid": "lbalhar.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "realtime"}, {"name": "machine-learning-sig"}, {"name": "3d-printing-sig"}, {"name": "python-packagers-sig"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2021-02-22 08:24:07", "update_id": 285690, "user_id": 91, "id": 1899565, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2021-02-24 20:42:17", "update_id": 285690, "user_id": 91, "id": 1905272, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "python3.8-3.8.8-1.fc33", "signed": true, "release_id": 40, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1928904, "title": "CVE-2021-23336 python: Web cache poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 1906111, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-02-25 09:05:13", "update_id": 285691, "user_id": 5788, "id": 1906111, "testcase_feedback": [], "user": {"name": "newbyte", "email": "newbytee@protonmail.com", "id": 5788, "avatar": "https://seccdn.libravatar.org/avatar/1145909981d8c40c4ac913f9ca74a636dcae74708bf63b119a47ce3492f488af?s=24&d=retro", "openid": "newbyte.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 1899766, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-02-22 10:38:31", "update_id": 285832, "user_id": 198, "id": 1899766, "testcase_feedback": [], "user": {"name": "bojan", "email": "bojan@rexursive.com", "id": 198, "avatar": "https://seccdn.libravatar.org/avatar/adb4c3f28bd6969871988f992b1bf71e404f03e3570fbfa0fc9bd7d0bf0003f8?s=24&d=retro", "openid": "bojan.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 1901436, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-02-23 01:45:30", "update_id": 285832, "user_id": 4120, "id": 1901436, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}, {"name": "trust admins"}]}}}, {"karma": 1, "comment_id": 1895187, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works well and fixes all mentioned CVEs.", "timestamp": "2021-02-19 08:50:41", "update_id": 284435, "user_id": 2936, "id": 1895187, "testcase_feedback": [], "user": {"name": "lbalhar", "email": "lbalhar@redhat.com", "id": 2936, "avatar": "https://seccdn.libravatar.org/avatar/789052d5e25db3b2c36725adeaa296f78df20334671edbb69ba42f419e1bfac4?s=24&d=retro", "openid": "lbalhar.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "realtime"}, {"name": "machine-learning-sig"}, {"name": "3d-printing-sig"}, {"name": "python-packagers-sig"}]}}}, {"karma": 1, "comment_id": 1895189, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works well and fixes all mentioned CVEs.", "timestamp": "2021-02-19 08:51:02", "update_id": 284499, "user_id": 2936, "id": 1895189, "testcase_feedback": [], "user": {"name": "lbalhar", "email": "lbalhar@redhat.com", "id": 2936, "avatar": "https://seccdn.libravatar.org/avatar/789052d5e25db3b2c36725adeaa296f78df20334671edbb69ba42f419e1bfac4?s=24&d=retro", "openid": "lbalhar.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "realtime"}, {"name": "machine-learning-sig"}, {"name": "3d-printing-sig"}, {"name": "python-packagers-sig"}]}}}, {"karma": 1, "comment_id": 1899563, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works well and fixes the CVE.", "timestamp": "2021-02-22 08:24:04", "update_id": 285832, "user_id": 2936, "id": 1899563, "testcase_feedback": [], "user": {"name": "lbalhar", "email": "lbalhar@redhat.com", "id": 2936, "avatar": "https://seccdn.libravatar.org/avatar/789052d5e25db3b2c36725adeaa296f78df20334671edbb69ba42f419e1bfac4?s=24&d=retro", "openid": "lbalhar.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "realtime"}, {"name": "machine-learning-sig"}, {"name": "3d-printing-sig"}, {"name": "python-packagers-sig"}]}}}, {"karma": 1, "comment_id": 1899564, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works well and fixes the CVE.", "timestamp": "2021-02-22 08:24:06", "update_id": 285690, "user_id": 2936, "id": 1899564, "testcase_feedback": [], "user": {"name": "lbalhar", "email": "lbalhar@redhat.com", "id": 2936, "avatar": "https://seccdn.libravatar.org/avatar/789052d5e25db3b2c36725adeaa296f78df20334671edbb69ba42f419e1bfac4?s=24&d=retro", "openid": "lbalhar.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "realtime"}, {"name": "machine-learning-sig"}, {"name": "3d-printing-sig"}, {"name": "python-packagers-sig"}]}}}, {"karma": 0, "comment_id": 1900849, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-02-22 19:28:50", "update_id": 285832, "user_id": 5615, "id": 1900849, "testcase_feedback": [], "user": {"name": "ersen", "email": "oguz@ersen.moe", "id": 5615, "avatar": "https://seccdn.libravatar.org/avatar/b7a62226e7d88529ca69787274bacac45092c0f9bc56e521090d83f859529ce4?s=24&d=retro", "openid": "ersen.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "fedora-join"}, {"name": "ask-fedora"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 1903234, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-02-23 21:02:34", "update_id": 285832, "user_id": 5881, "id": 1903234, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 1912966, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-03-02 15:42:34", "update_id": 285691, "user_id": 5881, "id": 1912966, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 1923531, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-03-05 21:29:00", "update_id": 285691, "user_id": 534, "id": 1923531, "testcase_feedback": [], "user": {"name": "ngompa", "email": "ngompa13@gmail.com", "id": 534, "avatar": "https://seccdn.libravatar.org/avatar/78eb5545c77d95a891c05cb362dfc4525c92e5398a7645c5bd23e126784d44a9?s=24&d=retro", "openid": "ngompa.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "provenpackager"}, {"name": "kde-sig"}, {"name": "communishift"}, {"name": "kaizen"}, {"name": "respins-sig"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "sig-hyperscale"}, {"name": "epel-packagers-sig"}, {"name": "fedora-contributor"}, {"name": "python-packagers-sig"}, {"name": "signed_fpca"}, {"name": "centosproject-email-aliases"}, {"name": "caddy"}, {"name": "fesco"}, {"name": "sig-extras"}, {"name": "go-sig"}, {"name": "rust-sig"}, {"name": "gitlab-centos-sig-hyperscale"}, {"name": "sig-altimages"}, {"name": "ocp-cico-hyperscale"}, {"name": "asahi-sig"}, {"name": "lxqt-sig"}, {"name": "sig-docs"}, {"name": "discourse-experiments"}, {"name": "multimedia-sig"}, {"name": "discussion-mods-asahi"}, {"name": "asahi-sig-admin"}, {"name": "cloud-sig"}, {"name": "pantheon-sig"}, {"name": "gitlab-centos-sig-altimages"}, {"name": "cosmic-sig"}, {"name": "ocp-cico-pagure"}, {"name": "btrfs-sig"}, {"name": "metrics-sig"}, {"name": "miracle-sig"}, {"name": "xr-sig"}, {"name": "budgie-sig"}]}}}, {"karma": 0, "comment_id": 1981156, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-04-11 11:54:35", "update_id": 297811, "user_id": 5881, "id": 1981156, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 1979063, "bug_id": 1928904, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-04-09 06:49:50", "update_id": 297811, "user_id": 5615, "id": 1979063, "testcase_feedback": [], "user": {"name": "ersen", "email": "oguz@ersen.moe", "id": 5615, "avatar": "https://seccdn.libravatar.org/avatar/b7a62226e7d88529ca69787274bacac45092c0f9bc56e521090d83f859529ce4?s=24&d=retro", "openid": "ersen.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "fedora-join"}, {"name": "ask-fedora"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1928920, "title": "CVE-2021-23336 python3.8: python: Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a semicolon in query parameters [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 1, "comment_id": 1899564, "bug_id": 1928920, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works well and fixes the CVE.", "timestamp": "2021-02-22 08:24:06", "update_id": 285690, "user_id": 2936, "id": 1899564, "testcase_feedback": [], "user": {"name": "lbalhar", "email": "lbalhar@redhat.com", "id": 2936, "avatar": "https://seccdn.libravatar.org/avatar/789052d5e25db3b2c36725adeaa296f78df20334671edbb69ba42f419e1bfac4?s=24&d=retro", "openid": "lbalhar.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "realtime"}, {"name": "machine-learning-sig"}, {"name": "3d-printing-sig"}, {"name": "python-packagers-sig"}]}}}]}], "updateid": "FEDORA-2021-7d3a9004e2", "karma": 1, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}