{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 14, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "This update to the `apr` package fixes a security issue in the handling of shared memory permissions. \n\n     SECURITY: CVE-2023-49582: Apache Portable Runtime (APR):\n     Unexpected lax shared memory permissions (cve.mitre.org)\n     Lax permissions set by the Apache Portable Runtime library on\n     Unix platforms would allow local users read access to named\n     shared memory segments, potentially revealing sensitive\n     application data.\n\n", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": true, "critpath_groups": "critical-path-server", "close_bugs": true, "date_submitted": "2024-08-29 14:45:30", "date_modified": "2024-08-29 14:46:49", "date_approved": "2024-09-03 13:48:05", "date_testing": "2024-08-30 02:05:58", "date_stable": "2024-09-04 02:22:40", "alias": "FEDORA-2024-b40491b84b", "test_gating_status": "passed", "from_tag": null, "date_pushed": "2024-09-04 02:22:40", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-b40491b84b", "title": "apr-1.7.5-1.fc40", "version_hash": "bcf7f0a76f389b17a4003fce35f25d4a6caae9cf", "release": {"name": "F40", "long_name": "Fedora 40", "version": "40", "id_prefix": "FEDORA", "branch": "f40", "dist_tag": "f40", "stable_tag": "f40-updates", "testing_tag": "f40-updates-testing", "candidate_tag": "f40-updates-candidate", "pending_signing_tag": "f40-signing-pending", "pending_testing_tag": "f40-updates-testing-pending", "pending_stable_tag": "f40-updates-pending", "override_tag": "f40-override", "mail_template": "fedora_errata_template", "state": "current", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": "2025-05-13", "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "jorton", "email": "jorton@redhat.com", "id": 297, "avatar": "https://seccdn.libravatar.org/avatar/ea9df2cd7e5b6f271b273abc219b206f46a7fe01ad4a174aa4702d76fc2f2f1f?s=24&d=retro", "openid": "jorton.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "cla_redhat"}, {"name": "gitmod_auth_xkerb"}, {"name": "sig-sclo"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by jorton. ", "timestamp": "2024-08-29 14:45:31", "update_id": 644173, "user_id": 91, "id": 3696864, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2024-08-29 14:45:31", "update_id": 644173, "user_id": 91, "id": 3696866, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "jorton edited this update.", "timestamp": "2024-08-29 14:46:49", "update_id": 644173, "user_id": 91, "id": 3696869, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'passed'.", "timestamp": "2024-08-29 17:45:20", "update_id": 644173, "user_id": 91, "id": 3696960, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2024-08-30 02:06:15", "update_id": 644173, "user_id": 91, "id": 3697731, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "Works.", "timestamp": "2024-08-30 04:29:21", "update_id": 644173, "user_id": 198, "id": 3697963, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bojan", "email": "bojan@rexursive.com", "id": 198, "avatar": "https://seccdn.libravatar.org/avatar/adb4c3f28bd6969871988f992b1bf71e404f03e3570fbfa0fc9bd7d0bf0003f8?s=24&d=retro", "openid": "bojan.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}, {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2024-09-01 21:38:52", "update_id": 644173, "user_id": 8341, "id": 3700510, "bug_feedback": [{"karma": 0, "comment_id": 3700510, "bug_id": 2308487, "bug": {"bug_id": 2308487, "title": "CVE-2023-49582 apr: Lax permissions in Apache Portable Runtime shared memory [fedora-40]", "security": true, "parent": false}}], "testcase_feedback": [{"karma": 0, "comment_id": 3700510, "testcase_id": 580, "testcase": {"name": "QA:Testcase apr", "id": 580}}], "user": {"name": "derekenz", "email": "derekenz@gmail.com", "id": 8341, "avatar": "https://seccdn.libravatar.org/avatar/2181042739e66860b61edeb85351c63ba595fd70a9fe274a54f69df91f135dba?s=24&d=retro", "openid": "derekenz.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "", "timestamp": "2024-09-01 21:39:47", "update_id": 644173, "user_id": 8341, "id": 3700511, "bug_feedback": [{"karma": 0, "comment_id": 3700511, "bug_id": 2308487, "bug": {"bug_id": 2308487, "title": "CVE-2023-49582 apr: Lax permissions in Apache Portable Runtime shared memory [fedora-40]", "security": true, "parent": false}}], "testcase_feedback": [{"karma": 1, "comment_id": 3700511, "testcase_id": 580, "testcase": {"name": "QA:Testcase apr", "id": 580}}], "user": {"name": "derekenz", "email": "derekenz@gmail.com", "id": 8341, "avatar": "https://seccdn.libravatar.org/avatar/2181042739e66860b61edeb85351c63ba595fd70a9fe274a54f69df91f135dba?s=24&d=retro", "openid": "derekenz.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2024-09-01 21:40:26", "update_id": 644173, "user_id": 91, "id": 3700512, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-09-03 13:48:05", "update_id": 644173, "user_id": 5881, "id": 3703250, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2024-09-03 13:48:05", "update_id": 644173, "user_id": 91, "id": 3703251, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2024-09-04 02:23:33", "update_id": 644173, "user_id": 91, "id": 3704350, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "apr-1.7.5-1.fc40", "signed": true, "release_id": 76, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 2308487, "title": "CVE-2023-49582 apr: Lax permissions in Apache Portable Runtime shared memory [fedora-40]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 3700510, "bug_id": 2308487, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2024-09-01 21:38:52", "update_id": 644173, "user_id": 8341, "id": 3700510, "testcase_feedback": [{"karma": 0, "comment_id": 3700510, "testcase_id": 580, "testcase": {"name": "QA:Testcase apr", "id": 580}}], "user": {"name": "derekenz", "email": "derekenz@gmail.com", "id": 8341, "avatar": "https://seccdn.libravatar.org/avatar/2181042739e66860b61edeb85351c63ba595fd70a9fe274a54f69df91f135dba?s=24&d=retro", "openid": "derekenz.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 3700511, "bug_id": 2308487, "comment": {"karma": 0, "karma_critpath": 0, "text": "", "timestamp": "2024-09-01 21:39:47", "update_id": 644173, "user_id": 8341, "id": 3700511, "testcase_feedback": [{"karma": 1, "comment_id": 3700511, "testcase_id": 580, "testcase": {"name": "QA:Testcase apr", "id": 580}}], "user": {"name": "derekenz", "email": "derekenz@gmail.com", "id": 8341, "avatar": "https://seccdn.libravatar.org/avatar/2181042739e66860b61edeb85351c63ba595fd70a9fe274a54f69df91f135dba?s=24&d=retro", "openid": "derekenz.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}]}], "updateid": "FEDORA-2024-b40491b84b", "karma": 3, "content_type": "rpm", "test_cases": [{"name": "QA:Testcase apr", "id": 580}]}, "can_edit": false, "ci_allowed": false}