{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 14, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "hcd-xhci: infinite loop in xhci_ring_chain_length (CVE-2020-14394)\nati-vga: out-of-bounds write in ati_2d_blt (CVE-2021-3638)\nacpi erst: memory corruption issues (CVE-2022-4172)\nqxl: qxl_phys2virt unsafe address translation (CVE-2022-4144)", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": true, "critpath_groups": null, "close_bugs": true, "date_submitted": "2022-12-07 10:37:48", "date_modified": null, "date_approved": null, "date_testing": "2022-12-08 02:09:33", "date_stable": "2022-12-14 01:58:49", "alias": "FEDORA-2022-22b1f8dae2", "test_gating_status": "passed", "from_tag": null, "date_pushed": "2022-12-14 01:58:49", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2022-22b1f8dae2", "title": "qemu-7.0.0-12.fc37", "version_hash": "a8ba90f4e6bca8272a5943edd3189528a3ef8bb0", "release": {"name": "F37", "long_name": "Fedora 37", "version": "37", "id_prefix": "FEDORA", "branch": "f37", "dist_tag": "f37", "stable_tag": "f37-updates", "testing_tag": "f37-updates-testing", "candidate_tag": "f37-updates-candidate", "pending_signing_tag": "f37-signing-pending", "pending_testing_tag": "f37-updates-testing-pending", "pending_stable_tag": "f37-updates-pending", "override_tag": "f37-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": "2023-12-05", "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "mcascella", "email": "mcascell@redhat.com", "id": 7197, "avatar": "https://seccdn.libravatar.org/avatar/a1b46472954e90fc1acfc9c75d1243b632c5f097931faa414c36a7172e4c2161?s=24&d=retro", "openid": "mcascella.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "wikiedit"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by mcascella. ", "timestamp": "2022-12-07 10:37:48", "update_id": 466077, "user_id": 91, "id": 2810300, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2022-12-07 10:37:49", "update_id": 466077, "user_id": 91, "id": 2810301, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'passed'.", "timestamp": "2022-12-07 12:16:44", "update_id": 466077, "user_id": 91, "id": 2810393, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2022-12-08 02:10:52", "update_id": 466077, "user_id": 91, "id": 2811111, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'failed'.", "timestamp": "2022-12-08 02:11:06", "update_id": 466077, "user_id": 91, "id": 2811144, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'passed'.", "timestamp": "2022-12-08 02:21:13", "update_id": 466077, "user_id": 91, "id": 2811155, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "Didn't spot any issues", "timestamp": "2022-12-08 09:59:38", "update_id": 466077, "user_id": 2240, "id": 2811445, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "frantisekz", "email": "fzatlouk@redhat.com", "id": 2240, "avatar": "https://seccdn.libravatar.org/avatar/665c5bc41bed444bc5fc8ea32da393449791968f9398dbe8ca045576e0ec52d3?s=24&d=retro", "openid": "frantisekz.id.fedoraproject.org", "groups": [{"name": "qa-tools-sig"}, {"name": "qa"}, {"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "sysadmin"}, {"name": "ambassadors"}, {"name": "sysadmin-qa"}, {"name": "advocates"}, {"name": "qa-admin"}]}}, {"karma": 1, "karma_critpath": 0, "text": "Works for me ", "timestamp": "2022-12-12 21:32:05", "update_id": 466077, "user_id": 2906, "id": 2815849, "bug_feedback": [{"karma": 0, "comment_id": 2815849, "bug_id": 1908050, "bug": {"bug_id": 1908050, "title": "CVE-2020-14394 qemu: infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2815849, "bug_id": 1979882, "bug": {"bug_id": 1979882, "title": "CVE-2021-3638 qemu: ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2815849, "bug_id": 2148542, "bug": {"bug_id": 2148542, "title": "CVE-2022-4144 qemu: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2815849, "bug_id": 2149106, "bug": {"bug_id": 2149106, "title": "CVE-2022-4172 qemu: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "nathan95", "email": "nathan95@live.it", "id": 2906, "avatar": "https://seccdn.libravatar.org/avatar/5846ea948e127e6de46181e636d02098acdd2aa5ea14f5a307ee61fae44bf56b?s=24&d=retro", "openid": "nathan95.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2022-12-12 21:33:57", "update_id": 466077, "user_id": 91, "id": 2815850, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "Works great!  LGTM!  =)", "timestamp": "2022-12-13 06:22:27", "update_id": 466077, "user_id": 206, "id": 2816480, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "besser82", "email": "besser82.fpo@gmail.com", "id": 206, "avatar": "https://seccdn.libravatar.org/avatar/28bacfa3be75032390ac2c7a34599aeb825c3b62b2c55ef64821d2fc023b56cb?s=24&d=retro", "openid": "besser82.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "designteam"}, {"name": "shogun-ca"}, {"name": "alt-gtk-de-sig"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2022-12-13 06:22:28", "update_id": 466077, "user_id": 91, "id": 2816481, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2022-12-14 02:00:30", "update_id": 466077, "user_id": 91, "id": 2817673, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "qemu-7.0.0-12.fc37", "signed": true, "release_id": 62, "type": "rpm", "epoch": 2}], "bugs": [{"bug_id": 1908050, "title": "CVE-2020-14394 qemu: infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2815849, "bug_id": 1908050, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me ", "timestamp": "2022-12-12 21:32:05", "update_id": 466077, "user_id": 2906, "id": 2815849, "testcase_feedback": [], "user": {"name": "nathan95", "email": "nathan95@live.it", "id": 2906, "avatar": "https://seccdn.libravatar.org/avatar/5846ea948e127e6de46181e636d02098acdd2aa5ea14f5a307ee61fae44bf56b?s=24&d=retro", "openid": "nathan95.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1979882, "title": "CVE-2021-3638 qemu: ati-vga: inconsistent check in ati_2d_blt() may lead to out-of-bounds write [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2839009, "bug_id": 1979882, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2023-01-08 04:35:32", "update_id": 470932, "user_id": 5881, "id": 2839009, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}}, {"karma": 0, "comment_id": 2815849, "bug_id": 1979882, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me ", "timestamp": "2022-12-12 21:32:05", "update_id": 466077, "user_id": 2906, "id": 2815849, "testcase_feedback": [], "user": {"name": "nathan95", "email": "nathan95@live.it", "id": 2906, "avatar": "https://seccdn.libravatar.org/avatar/5846ea948e127e6de46181e636d02098acdd2aa5ea14f5a307ee61fae44bf56b?s=24&d=retro", "openid": "nathan95.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}]}, {"bug_id": 2148542, "title": "CVE-2022-4144 qemu: QXL: qxl_phys2virt unsafe address translation can lead to out-of-bounds read [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2839009, "bug_id": 2148542, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2023-01-08 04:35:32", "update_id": 470932, "user_id": 5881, "id": 2839009, "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}}, {"karma": 0, "comment_id": 2815849, "bug_id": 2148542, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me ", "timestamp": "2022-12-12 21:32:05", "update_id": 466077, "user_id": 2906, "id": 2815849, "testcase_feedback": [], "user": {"name": "nathan95", "email": "nathan95@live.it", "id": 2906, "avatar": "https://seccdn.libravatar.org/avatar/5846ea948e127e6de46181e636d02098acdd2aa5ea14f5a307ee61fae44bf56b?s=24&d=retro", "openid": "nathan95.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}]}, {"bug_id": 2149106, "title": "CVE-2022-4172 qemu: ACPI ERST: memory corruption issues in read_erst_record and write_erst_record [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2815849, "bug_id": 2149106, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me ", "timestamp": "2022-12-12 21:32:05", "update_id": 466077, "user_id": 2906, "id": 2815849, "testcase_feedback": [], "user": {"name": "nathan95", "email": "nathan95@live.it", "id": 2906, "avatar": "https://seccdn.libravatar.org/avatar/5846ea948e127e6de46181e636d02098acdd2aa5ea14f5a307ee61fae44bf56b?s=24&d=retro", "openid": "nathan95.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}]}], "updateid": "FEDORA-2022-22b1f8dae2", "karma": 3, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}