{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Rebuild for CVE-20220-{3064,41717,41723}\n", "type": "security", "status": "stable", "request": null, "severity": "high", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": "", "close_bugs": true, "date_submitted": "2023-03-15 22:14:05", "date_modified": "2023-03-15 22:21:09", "date_approved": "2023-03-23 19:30:13", "date_testing": "2023-03-16 19:28:23", "date_stable": "2023-03-24 01:54:14", "alias": "FEDORA-2023-ca444fdecf", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2023-03-24 01:54:14", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-ca444fdecf", "title": "gmailctl-0.10.6-2.fc37", "version_hash": "7a50f40836aeb53f94a48cdb8a0c39259c446505", "release": {"name": "F37", "long_name": "Fedora 37", "version": "37", "id_prefix": "FEDORA", "branch": "f37", "dist_tag": "f37", "stable_tag": "f37-updates", "testing_tag": "f37-updates-testing", "candidate_tag": "f37-updates-candidate", "pending_signing_tag": "f37-signing-pending", "pending_testing_tag": "f37-updates-testing-pending", "pending_stable_tag": "f37-updates-pending", "override_tag": "f37-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": "2023-12-05", "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "fuller", "email": "mark.e.fuller@gmx.de", "id": 6320, "avatar": "https://seccdn.libravatar.org/avatar/ce49a72df0e4e271bfdbbbb70d2692eb8f1b60e5565b1d2a80b2f62d7ca96d0f?s=24&d=retro", "openid": "fuller.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "go-sig"}, {"name": "scitech"}, {"name": "common-issues-triage"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by fuller. ", "timestamp": "2023-03-15 22:14:05", "update_id": 494856, "user_id": 91, "id": 2947316, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2023-03-15 22:14:05", "update_id": 494856, "user_id": 91, "id": 2947317, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "fuller edited this update.", "timestamp": "2023-03-15 22:21:09", "update_id": 494856, "user_id": 91, "id": 2947330, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2023-03-16 19:30:09", "update_id": 494856, "user_id": 91, "id": 2948706, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2023-03-23 19:30:14", "update_id": 494856, "user_id": 91, "id": 2957830, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2023-03-24 01:56:00", "update_id": 494856, "user_id": 91, "id": 2958125, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "gmailctl-0.10.6-2.fc37", "signed": true, "release_id": 62, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 2161274, "title": "CVE-2022-41717 golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 2947335, "bug_id": 2161274, "comment": {"karma": 0, "karma_critpath": 0, "text": "CVE Bugs were not opened specifically against this version, but rebuilding just in case", "timestamp": "2023-03-15 22:28:53", "update_id": 494862, "user_id": 6320, "id": 2947335, "testcase_feedback": [], "user": {"name": "fuller", "email": "mark.e.fuller@gmx.de", "id": 6320, "avatar": "https://seccdn.libravatar.org/avatar/ce49a72df0e4e271bfdbbbb70d2692eb8f1b60e5565b1d2a80b2f62d7ca96d0f?s=24&d=retro", "openid": "fuller.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "go-sig"}, {"name": "scitech"}, {"name": "common-issues-triage"}]}}}]}, {"bug_id": 2163037, "title": "CVE-2022-3064 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 3174171, "bug_id": 2163037, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2023-08-27 19:04:37", "update_id": 541877, "user_id": 3703, "id": 3174171, "testcase_feedback": [], "user": {"name": "markec", "email": "marko.bevc@gmail.com", "id": 3703, "avatar": "https://seccdn.libravatar.org/avatar/2a3640b3b2df97a062aff29758dd6a2ce98adba2cdd4da3fceb85df19b25200c?s=24&d=retro", "openid": "markec.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 3175939, "bug_id": 2163037, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2023-08-29 12:02:15", "update_id": 541877, "user_id": 6505, "id": 3175939, "testcase_feedback": [], "user": {"name": "okram", "email": "ttt@bevc.net", "id": 6505, "avatar": "https://seccdn.libravatar.org/avatar/19fd9f57f0f2dc762e4a2d20b4a0acc5b372f402d46251c0191b54724cfeb0f1?s=24&d=retro", "openid": "okram.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 3175847, "bug_id": 2163037, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2023-08-29 10:13:16", "update_id": 541877, "user_id": 7484, "id": 3175847, "testcase_feedback": [], "user": {"name": "marok", "email": "mrk@bevc.net", "id": 7484, "avatar": "https://seccdn.libravatar.org/avatar/6516db13e3a8e3b82b18f08b7bff0afe41adbf42a405ab6975ed4579f71b8ddb?s=24&d=retro", "openid": "marok.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}]}, {"bug_id": 2163094, "title": "CVE-2022-41717 gmailctl: golang: net/http: An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2947331, "bug_id": 2163094, "comment": {"karma": 0, "karma_critpath": 0, "text": "CVE Bugs were not opened specifically against this version, but rebuilding just in case", "timestamp": "2023-03-15 22:22:07", "update_id": 494855, "user_id": 6320, "id": 2947331, "testcase_feedback": [], "user": {"name": "fuller", "email": "mark.e.fuller@gmx.de", "id": 6320, "avatar": "https://seccdn.libravatar.org/avatar/ce49a72df0e4e271bfdbbbb70d2692eb8f1b60e5565b1d2a80b2f62d7ca96d0f?s=24&d=retro", "openid": "fuller.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "go-sig"}, {"name": "scitech"}, {"name": "common-issues-triage"}]}}}, {"karma": 0, "comment_id": 2947335, "bug_id": 2163094, "comment": {"karma": 0, "karma_critpath": 0, "text": "CVE Bugs were not opened specifically against this version, but rebuilding just in case", "timestamp": "2023-03-15 22:28:53", "update_id": 494862, "user_id": 6320, "id": 2947335, "testcase_feedback": [], "user": {"name": "fuller", "email": "mark.e.fuller@gmx.de", "id": 6320, "avatar": "https://seccdn.libravatar.org/avatar/ce49a72df0e4e271bfdbbbb70d2692eb8f1b60e5565b1d2a80b2f62d7ca96d0f?s=24&d=retro", "openid": "fuller.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "go-sig"}, {"name": "scitech"}, {"name": "common-issues-triage"}]}}}]}, {"bug_id": 2163544, "title": "CVE-2022-3064 gmailctl: go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2947331, "bug_id": 2163544, "comment": {"karma": 0, "karma_critpath": 0, "text": "CVE Bugs were not opened specifically against this version, but rebuilding just in case", "timestamp": "2023-03-15 22:22:07", "update_id": 494855, "user_id": 6320, "id": 2947331, "testcase_feedback": [], "user": {"name": "fuller", "email": "mark.e.fuller@gmx.de", "id": 6320, "avatar": "https://seccdn.libravatar.org/avatar/ce49a72df0e4e271bfdbbbb70d2692eb8f1b60e5565b1d2a80b2f62d7ca96d0f?s=24&d=retro", "openid": "fuller.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "go-sig"}, {"name": "scitech"}, {"name": "common-issues-triage"}]}}}, {"karma": 0, "comment_id": 2947335, "bug_id": 2163544, "comment": {"karma": 0, "karma_critpath": 0, "text": "CVE Bugs were not opened specifically against this version, but rebuilding just in case", "timestamp": "2023-03-15 22:28:53", "update_id": 494862, "user_id": 6320, "id": 2947335, "testcase_feedback": [], "user": {"name": "fuller", "email": "mark.e.fuller@gmx.de", "id": 6320, "avatar": "https://seccdn.libravatar.org/avatar/ce49a72df0e4e271bfdbbbb70d2692eb8f1b60e5565b1d2a80b2f62d7ca96d0f?s=24&d=retro", "openid": "fuller.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "go-sig"}, {"name": "scitech"}, {"name": "common-issues-triage"}]}}}]}, {"bug_id": 2178358, "title": "CVE-2022-41723 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 2947335, "bug_id": 2178358, "comment": {"karma": 0, "karma_critpath": 0, "text": "CVE Bugs were not opened specifically against this version, but rebuilding just in case", "timestamp": "2023-03-15 22:28:53", "update_id": 494862, "user_id": 6320, "id": 2947335, "testcase_feedback": [], "user": {"name": "fuller", "email": "mark.e.fuller@gmx.de", "id": 6320, "avatar": "https://seccdn.libravatar.org/avatar/ce49a72df0e4e271bfdbbbb70d2692eb8f1b60e5565b1d2a80b2f62d7ca96d0f?s=24&d=retro", "openid": "fuller.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "go-sig"}, {"name": "scitech"}, {"name": "common-issues-triage"}]}}}, {"karma": 0, "comment_id": 3181435, "bug_id": 2178358, "comment": {"karma": 0, "karma_critpath": 0, "text": "can you check if contained 1.7.0 from https://copr.fedorainfracloud.org/coprs/sergiomb/docker2/builds/ works for you ? \n\nwe have a lot of stuff to update ... ", "timestamp": "2023-09-01 00:57:32", "update_id": 541878, "user_id": 271, "id": 3181435, "testcase_feedback": [], "user": {"name": "sergiomb", "email": "sergio@serjux.com", "id": 271, "avatar": "https://seccdn.libravatar.org/avatar/cb1e1c02b91fca7534374ad3e77409014e4c30c6de47356f36099793f08cc1de?s=24&d=retro", "openid": "sergiomb.id.fedoraproject.org", "groups": [{"name": "nodejs-sig"}, {"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "clamav"}, {"name": "multimedia-sig"}]}}}, {"karma": 0, "comment_id": 3182065, "bug_id": 2178358, "comment": {"karma": 0, "karma_critpath": 0, "text": "yes it does.", "timestamp": "2023-09-01 08:59:37", "update_id": 541878, "user_id": 1152, "id": 3182065, "testcase_feedback": [], "user": {"name": "bellet", "email": "fabrice@bellet.info", "id": 1152, "avatar": "https://seccdn.libravatar.org/avatar/fd52ab010391a75b96c3540f78c2997013e97d12fb78be9919c43509f89a566a?s=24&d=retro", "openid": "bellet.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 3179401, "bug_id": 2178358, "comment": {"karma": -1, "karma_critpath": 0, "text": "With this update (from 1.6.19-1-fc38.x86_64), I have this error:\n\ndocker: Error response from daemon: failed to create task for container: failed to create shim task: ttrpc: cannot marshal unknown type: *task.CreateTaskRequest: unknown.\nERRO[0002] error waiting for container:                 \n", "timestamp": "2023-08-30 16:26:03", "update_id": 541878, "user_id": 1152, "id": 3179401, "testcase_feedback": [], "user": {"name": "bellet", "email": "fabrice@bellet.info", "id": 1152, "avatar": "https://seccdn.libravatar.org/avatar/fd52ab010391a75b96c3540f78c2997013e97d12fb78be9919c43509f89a566a?s=24&d=retro", "openid": "bellet.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 1, "comment_id": 3347681, "bug_id": 2178358, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works fine for rebuilding golang-github-facebook-time (with golang-x-net BR set to enforce at least 0.17.0)", "timestamp": "2024-01-11 23:45:30", "update_id": 576873, "user_id": 261, "id": 3347681, "testcase_feedback": [], "user": {"name": "salimma", "email": "michel@michel-slm.name", "id": 261, "avatar": "https://seccdn.libravatar.org/avatar/0e63a9a6e7b10429ba364af5113077f355caee2847c83c50ff07a5eb86464865?s=24&d=retro", "openid": "salimma.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "python-sig"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "sig-extras"}, {"name": "rust-sig"}, {"name": "ambassadors"}, {"name": "meta-sig"}, {"name": "ipausers"}, {"name": "centosproject-email-aliases"}, {"name": "lua-packagers-sig"}, {"name": "fedorabugs"}, {"name": "epel-packagers-sig"}, {"name": "sig-hyperscale"}, {"name": "gitlab-centos-sig-hyperscale"}, {"name": "sig-altimages"}, {"name": "python-packagers-sig"}, {"name": "asahi-sig"}, {"name": "ocp-cico-hyperscale"}, {"name": "gitlab-centos-sig-altimages"}, {"name": "infra-sig"}, {"name": "ai-ml-sig"}, {"name": "pytorch-sig"}, {"name": "go-sig"}, {"name": "sig-docs"}, {"name": "gitlab-fedora-aiml-developer"}, {"name": "fesco"}, {"name": "sig-promo"}, {"name": "multimedia-sig"}, {"name": "kde-sig"}, {"name": "gnome-sig"}, {"name": "btrfs-sig"}, {"name": "mkdocs-sig"}]}}}]}, {"bug_id": 2178434, "title": "CVE-2022-41723 gmailctl: golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2947331, "bug_id": 2178434, "comment": {"karma": 0, "karma_critpath": 0, "text": "CVE Bugs were not opened specifically against this version, but rebuilding just in case", "timestamp": "2023-03-15 22:22:07", "update_id": 494855, "user_id": 6320, "id": 2947331, "testcase_feedback": [], "user": {"name": "fuller", "email": "mark.e.fuller@gmx.de", "id": 6320, "avatar": "https://seccdn.libravatar.org/avatar/ce49a72df0e4e271bfdbbbb70d2692eb8f1b60e5565b1d2a80b2f62d7ca96d0f?s=24&d=retro", "openid": "fuller.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "go-sig"}, {"name": "scitech"}, {"name": "common-issues-triage"}]}}}, {"karma": 0, "comment_id": 2947335, "bug_id": 2178434, "comment": {"karma": 0, "karma_critpath": 0, "text": "CVE Bugs were not opened specifically against this version, but rebuilding just in case", "timestamp": "2023-03-15 22:28:53", "update_id": 494862, "user_id": 6320, "id": 2947335, "testcase_feedback": [], "user": {"name": "fuller", "email": "mark.e.fuller@gmx.de", "id": 6320, "avatar": "https://seccdn.libravatar.org/avatar/ce49a72df0e4e271bfdbbbb70d2692eb8f1b60e5565b1d2a80b2f62d7ca96d0f?s=24&d=retro", "openid": "fuller.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "go-sig"}, {"name": "scitech"}, {"name": "common-issues-triage"}]}}}]}], "updateid": "FEDORA-2023-ca444fdecf", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}