{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -1, "require_bugs": false, "require_testcases": false, "display_name": "", "notes": "An out-of-bounds read in png_convert_to_rfc1123() in png.c could potentially be exploited by a crafted PNG file to leak information from an application's memory (CVE-2015-7981).\n\nBuffer overflow vulnerabilities in functions png_get_PLTE/png_set_PLTE,\nallowing remote attackers to cause DoS to application or have unspecified other impact (CVE-2015-8126).\n\nAlso includes various other small bug fixes as detailed in the package changelog.\n", "type": "security", "status": "stable", "request": null, "severity": "low", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2015-11-12 20:15:30", "date_modified": "2015-11-13 12:07:54", "date_approved": null, "date_testing": "2015-11-13 20:28:16", "date_stable": "2015-11-30 18:46:03", "alias": "FEDORA-EPEL-2015-260d131310", "test_gating_status": null, "from_tag": null, "date_pushed": "2015-11-30 18:46:03", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-260d131310", "title": "libpng10-1.0.64-1.el6", "version_hash": "6880b5ac1e84bd0b465ccc6d8ef9cfaa11142bef", "release": {"name": "EL-6", "long_name": "Fedora EPEL 6", "version": "6", "id_prefix": "FEDORA-EPEL", "branch": "el6", "dist_tag": "dist-6E-epel", "stable_tag": "dist-6E-epel", "testing_tag": "dist-6E-epel-testing", "candidate_tag": "dist-6E-epel-testing-candidate", "pending_signing_tag": "", "pending_testing_tag": "", "pending_stable_tag": "", "override_tag": "dist-6E-epel-override", "mail_template": "fedora_epel_legacy_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "unspecified", "testing_repository": null, "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "pghmcfc", "email": "paul@city-fan.org", "id": 165, "avatar": "https://seccdn.libravatar.org/avatar/e6d92d9d894db58d2c7e8c1a627b669f062f35ef31fdaa8d8c7b57068b2416e1?s=24&d=retro", "openid": "pghmcfc.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "perl-maint-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by pghmcfc. ", "timestamp": "2015-11-12 20:15:30", "update_id": 44443, "user_id": 91, "id": 351359, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "pghmcfc edited this update.", "timestamp": "2015-11-13 12:07:54", "update_id": 44443, "user_id": 91, "id": 351754, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2015-11-13 20:49:12", "update_id": 44443, "user_id": 91, "id": 351938, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2015-11-28 00:00:12", "update_id": 44443, "user_id": 91, "id": 358604, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by pghmcfc. ", "timestamp": "2015-11-30 13:41:33", "update_id": 44443, "user_id": 91, "id": 359516, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2015-11-30 21:58:29", "update_id": 44443, "user_id": 91, "id": 359701, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "libpng10-1.0.64-1.el6", "signed": true, "release_id": 10, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1276416, "title": "CVE-2015-7981 libpng: Out-of-bounds read in png_convert_to_rfc1123", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 369546, "bug_id": 1276416, "comment": {"karma": 1, "karma_critpath": 0, "text": "no regressions as far as I can see", "timestamp": "2015-12-23 14:17:56", "update_id": 47367, "user_id": 440, "id": 369546, "testcase_feedback": [], "user": {"name": "fale", "email": "me@fale.io", "id": 440, "avatar": "https://seccdn.libravatar.org/avatar/e3eac0d38d6162513a21a31c7d1651cb4f7372f14a99e0005d4dac348c9eff39?s=24&d=retro", "openid": "fale.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "go-sig"}, {"name": "marketing"}, {"name": "fol-staff"}, {"name": "sway-sig"}]}}}, {"karma": 0, "comment_id": 371552, "bug_id": 1276416, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works fine", "timestamp": "2015-12-30 13:27:46", "update_id": 47367, "user_id": 763, "id": 371552, "testcase_feedback": [], "user": {"name": "lupinix", "email": "lupinix.fedora@gmail.com", "id": 763, "avatar": "https://seccdn.libravatar.org/avatar/cc585f3cc94963db2fbb249c2b874edfa90d3236a6a00015ef926ae0e6867e2b?s=24&d=retro", "openid": "lupinix.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "python-sig"}, {"name": "kde-sig"}, {"name": "astro-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "gitspin-kickstarts"}, {"name": "scitech"}, {"name": "python-packagers-sig"}]}}}, {"karma": 0, "comment_id": 371553, "bug_id": 1276416, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works fine here", "timestamp": "2015-12-30 13:27:54", "update_id": 47368, "user_id": 763, "id": 371553, "testcase_feedback": [], "user": {"name": "lupinix", "email": "lupinix.fedora@gmail.com", "id": 763, "avatar": "https://seccdn.libravatar.org/avatar/cc585f3cc94963db2fbb249c2b874edfa90d3236a6a00015ef926ae0e6867e2b?s=24&d=retro", "openid": "lupinix.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "python-sig"}, {"name": "kde-sig"}, {"name": "astro-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "gitspin-kickstarts"}, {"name": "scitech"}, {"name": "python-packagers-sig"}]}}}]}, {"bug_id": 1276419, "title": "CVE-2015-7981 libpng10: libpng: Out-of-bounds read in png_convert_to_rfc1123 [epel-6]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1281756, "title": "CVE-2015-8126 CVE-2015-8472 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 354211, "bug_id": 1281756, "comment": {"karma": 1, "karma_critpath": 1, "text": "lgtm.", "timestamp": "2015-11-18 20:35:40", "update_id": 44879, "user_id": 110, "id": 354211, "testcase_feedback": [{"karma": 1, "comment_id": 354211, "testcase_id": 237, "testcase": {"name": "QA:Testcase libpng image view", "id": 237}}], "user": {"name": "raphgro", "email": "projects.rg@smart.ms", "id": 110, "avatar": "https://seccdn.libravatar.org/avatar/a6267b5dbb0825ecb738e81fd919b10173deb35a504ac7fd3dedd3aee4017e63?s=24&d=retro", "openid": "raphgro.id.fedoraproject.org", "groups": [{"name": "lxqt-sig"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 354214, "bug_id": 1281756, "comment": {"karma": 1, "karma_critpath": 1, "text": "lgtm.", "timestamp": "2015-11-18 20:44:51", "update_id": 44878, "user_id": 110, "id": 354214, "testcase_feedback": [{"karma": 1, "comment_id": 354214, "testcase_id": 237, "testcase": {"name": "QA:Testcase libpng image view", "id": 237}}], "user": {"name": "raphgro", "email": "projects.rg@smart.ms", "id": 110, "avatar": "https://seccdn.libravatar.org/avatar/a6267b5dbb0825ecb738e81fd919b10173deb35a504ac7fd3dedd3aee4017e63?s=24&d=retro", "openid": "raphgro.id.fedoraproject.org", "groups": [{"name": "lxqt-sig"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 354842, "bug_id": 1281756, "comment": {"karma": 1, "karma_critpath": 1, "text": "No issues noted in everyday use.", "timestamp": "2015-11-19 18:50:26", "update_id": 44878, "user_id": 194, "id": 354842, "testcase_feedback": [{"karma": 1, "comment_id": 354842, "testcase_id": 237, "testcase": {"name": "QA:Testcase libpng image view", "id": 237}}], "user": {"name": "dhgutteridge", "email": "dhgutteridge@hotmail.com", "id": 194, "avatar": "https://seccdn.libravatar.org/avatar/95e7a46aa03707373935111628c2b387339f570b9175d20455a53fd00acafbcb?s=24&d=retro", "openid": "dhgutteridge.id.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 354890, "bug_id": 1281756, "comment": {"karma": 0, "karma_critpath": 1, "text": "No regressions noted.\n\nkarma: +1", "timestamp": "2015-11-19 22:17:56", "update_id": 44879, "user_id": 207, "id": 354890, "testcase_feedback": [{"karma": 1, "comment_id": 354890, "testcase_id": 237, "testcase": {"name": "QA:Testcase libpng image view", "id": 237}}], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 355194, "bug_id": 1281756, "comment": {"karma": 1, "karma_critpath": 1, "text": "works", "timestamp": "2015-11-20 11:51:29", "update_id": 44878, "user_id": 288, "id": 355194, "testcase_feedback": [{"karma": 1, "comment_id": 355194, "testcase_id": 237, "testcase": {"name": "QA:Testcase libpng image view", "id": 237}}], "user": {"name": "piotrp", "email": "piotr1212@gmail.com", "id": 288, "avatar": "https://seccdn.libravatar.org/avatar/622b84e33114598701699b26a131c0a333315f698c2c5b2955c47798434355e9?s=24&d=retro", "openid": "piotrp.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 355645, "bug_id": 1281756, "comment": {"karma": 1, "karma_critpath": 0, "text": "+1", "timestamp": "2015-11-21 07:17:17", "update_id": 44878, "user_id": 2267, "id": 355645, "testcase_feedback": [{"karma": 0, "comment_id": 355645, "testcase_id": 237, "testcase": {"name": "QA:Testcase libpng image view", "id": 237}}], "user": {"name": "asleqia", "email": "asleqia@gmail.com", "id": 2267, "avatar": "https://seccdn.libravatar.org/avatar/7a1cd681bc9af94594f75cd4f6e505815a3378181b0c820632d1f5fa0a4cdb69?s=24&d=retro", "openid": "asleqia.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 369546, "bug_id": 1281756, "comment": {"karma": 1, "karma_critpath": 0, "text": "no regressions as far as I can see", "timestamp": "2015-12-23 14:17:56", "update_id": 47367, "user_id": 440, "id": 369546, "testcase_feedback": [], "user": {"name": "fale", "email": "me@fale.io", "id": 440, "avatar": "https://seccdn.libravatar.org/avatar/e3eac0d38d6162513a21a31c7d1651cb4f7372f14a99e0005d4dac348c9eff39?s=24&d=retro", "openid": "fale.id.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "go-sig"}, {"name": "marketing"}, {"name": "fol-staff"}, {"name": "sway-sig"}]}}}, {"karma": 0, "comment_id": 371552, "bug_id": 1281756, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works fine", "timestamp": "2015-12-30 13:27:46", "update_id": 47367, "user_id": 763, "id": 371552, "testcase_feedback": [], "user": {"name": "lupinix", "email": "lupinix.fedora@gmail.com", "id": 763, "avatar": "https://seccdn.libravatar.org/avatar/cc585f3cc94963db2fbb249c2b874edfa90d3236a6a00015ef926ae0e6867e2b?s=24&d=retro", "openid": "lupinix.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "python-sig"}, {"name": "kde-sig"}, {"name": "astro-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "gitspin-kickstarts"}, {"name": "scitech"}, {"name": "python-packagers-sig"}]}}}, {"karma": 0, "comment_id": 371553, "bug_id": 1281756, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works fine here", "timestamp": "2015-12-30 13:27:54", "update_id": 47368, "user_id": 763, "id": 371553, "testcase_feedback": [], "user": {"name": "lupinix", "email": "lupinix.fedora@gmail.com", "id": 763, "avatar": "https://seccdn.libravatar.org/avatar/cc585f3cc94963db2fbb249c2b874edfa90d3236a6a00015ef926ae0e6867e2b?s=24&d=retro", "openid": "lupinix.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "python-sig"}, {"name": "kde-sig"}, {"name": "astro-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "gitspin-kickstarts"}, {"name": "scitech"}, {"name": "python-packagers-sig"}]}}}, {"karma": 0, "comment_id": 374161, "bug_id": 1281756, "comment": {"karma": 0, "karma_critpath": 0, "text": "This just replaced libpng-1.6.19-1.fc23 which was already in stable (bodhi wasn't smart enough to catch it). See https://bugzilla.redhat.com/show_bug.cgi?id=1292914#c4 .", "timestamp": "2016-01-07 06:02:08", "update_id": 44863, "user_id": 303, "id": 374161, "testcase_feedback": [{"karma": 0, "comment_id": 374161, "testcase_id": 237, "testcase": {"name": "QA:Testcase libpng image view", "id": 237}}], "user": {"name": "robatino", "email": "arobatino@gmail.com", "id": 303, "avatar": "https://seccdn.libravatar.org/avatar/bb8d454eee868b05bbdfef07cbba898ae0ea9c238d3d8001483d8c6593322eb5?s=24&d=retro", "openid": "robatino.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "qa-deltaisos"}]}}}, {"karma": 0, "comment_id": 459274, "bug_id": 1281756, "comment": {"karma": 1, "karma_critpath": 0, "text": "lgtm:)", "timestamp": "2016-07-14 16:34:36", "update_id": 44879, "user_id": 2975, "id": 459274, "testcase_feedback": [{"karma": 0, "comment_id": 459274, "testcase_id": 237, "testcase": {"name": "QA:Testcase libpng image view", "id": 237}}], "user": {"name": "karthikrajprkkr17", "email": "karthikrajprkkr17@gmail.com", "id": 2975, "avatar": "https://seccdn.libravatar.org/avatar/9111d27ab37b2df9d18b2cce1c76c436c6f9474a229558f3601ec4abe3718f5d?s=24&d=retro", "openid": "karthikrajprkkr17.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1281759, "title": "CVE-2015-8126 libpng10: libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions [epel-6]", "security": true, "parent": false, "feedback": []}], "updateid": "FEDORA-EPEL-2015-260d131310", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}