{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Add patches to fix RHBZ #887451 / CVE-2012-5640 and #924857 / CVE-2013-0348", "type": "security", "status": "obsolete", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2015-11-29 00:16:31", "date_modified": null, "date_approved": null, "date_testing": "2015-11-29 21:22:20", "date_stable": null, "alias": "FEDORA-EPEL-2015-582c8075e6", "test_gating_status": null, "from_tag": null, "date_pushed": "2015-11-29 21:22:20", "meets_testing_requirements": false, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6", "title": "thttpd-2.25b-24.el5", "version_hash": "0a094539af2abb5c6bc2d56197a3c39a9ca81d97", "release": {"name": "EL-5", "long_name": "Fedora EPEL 5", "version": "5", "id_prefix": "FEDORA-EPEL", "branch": "el5", "dist_tag": "dist-5E-epel", "stable_tag": "dist-5E-epel", "testing_tag": "dist-5E-epel-testing", "candidate_tag": "dist-5E-epel-testing-candidate", "pending_signing_tag": "", "pending_testing_tag": "", "pending_stable_tag": "", "override_tag": "dist-5E-epel-override", "mail_template": "fedora_epel_legacy_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "unspecified", "testing_repository": null, "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "athmane", "email": "athmanem@gmail.com", "id": 426, "avatar": "https://seccdn.libravatar.org/avatar/444bab6c30af5db49fa558172cc5f31214cbb65eeaa1b275ebca189134b5563d?s=24&d=retro", "openid": "athmane.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "sysadmin"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by athmane. ", "timestamp": "2015-11-29 00:16:31", "update_id": 45687, "user_id": 91, "id": 358886, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2015-11-29 21:47:24", "update_id": 45687, "user_id": 91, "id": 359160, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2015-12-14 00:00:13", "update_id": 45687, "user_id": 91, "id": 365482, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "thttpd-2.25b-24.el5", "signed": true, "release_id": 9, "type": "rpm", "epoch": null}], "bugs": [{"bug_id": 887451, "title": "CVE-2012-5640 thttpd: Denial of Service when using glibc, crypt() can return NULL [epel-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 362888, "bug_id": 887451, "comment": {"karma": 1, "karma_critpath": 0, "text": "`$ checksec --file /usr/sbin/thttpd`\n\n`RELRO           STACK CANARY      NX            PIE             RPATH      RUNPATH      FILE`\n\n`Full RELRO      Canary found      NX enabled    PIE enabled     No RPATH   No RUNPATH   /usr/sbin/thttpd`\n", "timestamp": "2015-12-08 05:46:15", "update_id": 45681, "user_id": 2391, "id": 362888, "testcase_feedback": [], "user": {"name": "ckujau", "email": "fedora@nerdbynature.de", "id": 2391, "avatar": "https://seccdn.libravatar.org/avatar/c8f6fb82f0330a52af748715968a03dc15b8f73255955543e97e331e2627257c?s=24&d=retro", "openid": "ckujau.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 378813, "bug_id": 887451, "comment": {"karma": 1, "karma_critpath": 0, "text": "thanks!", "timestamp": "2016-01-19 04:39:23", "update_id": 45682, "user_id": 2391, "id": 378813, "testcase_feedback": [], "user": {"name": "ckujau", "email": "fedora@nerdbynature.de", "id": 2391, "avatar": "https://seccdn.libravatar.org/avatar/c8f6fb82f0330a52af748715968a03dc15b8f73255955543e97e331e2627257c?s=24&d=retro", "openid": "ckujau.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 517540, "bug_id": 887451, "comment": {"karma": 0, "karma_critpath": 0, "text": "This has been in testing for 328 days. Is the maintainer still active? It seems to me that this should either be pushed to stable or cancelled.", "timestamp": "2016-11-06 02:53:20", "update_id": 45685, "user_id": 698, "id": 517540, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 517695, "bug_id": 887451, "comment": {"karma": 0, "karma_critpath": 0, "text": "It orphaned [1], I tried to fix the security bugs but upstream does not accept patches anymore.\n\nThere's a couple alternative lightweight httpd with static content support only (darkhttpd)\n\n[1] https://admin.fedoraproject.org/pkgdb/package/rpms/thttpd/", "timestamp": "2016-11-06 18:25:41", "update_id": 45685, "user_id": 426, "id": 517695, "testcase_feedback": [], "user": {"name": "athmane", "email": "athmanem@gmail.com", "id": 426, "avatar": "https://seccdn.libravatar.org/avatar/444bab6c30af5db49fa558172cc5f31214cbb65eeaa1b275ebca189134b5563d?s=24&d=retro", "openid": "athmane.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "sysadmin"}]}}}]}, {"bug_id": 924857, "title": "CVE-2013-0348 thttpd: World-readable log file", "security": true, "parent": true, "feedback": [{"karma": 1, "comment_id": 362889, "bug_id": 924857, "comment": {"karma": 1, "karma_critpath": 0, "text": "`$ rpm -q thttpd`\n\n`thttpd-2.25b-36.fc23.i686`\n\n`$ ls -l /var/log/thttpd.log`\n\n`-rw-------. 1 thttpd www 858 Dec  7 21:29 /var/log/thttpd.log`\n", "timestamp": "2015-12-08 05:48:57", "update_id": 45682, "user_id": 2391, "id": 362889, "testcase_feedback": [], "user": {"name": "ckujau", "email": "fedora@nerdbynature.de", "id": 2391, "avatar": "https://seccdn.libravatar.org/avatar/c8f6fb82f0330a52af748715968a03dc15b8f73255955543e97e331e2627257c?s=24&d=retro", "openid": "ckujau.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 1, "comment_id": 378813, "bug_id": 924857, "comment": {"karma": 1, "karma_critpath": 0, "text": "thanks!", "timestamp": "2016-01-19 04:39:23", "update_id": 45682, "user_id": 2391, "id": 378813, "testcase_feedback": [], "user": {"name": "ckujau", "email": "fedora@nerdbynature.de", "id": 2391, "avatar": "https://seccdn.libravatar.org/avatar/c8f6fb82f0330a52af748715968a03dc15b8f73255955543e97e331e2627257c?s=24&d=retro", "openid": "ckujau.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 517540, "bug_id": 924857, "comment": {"karma": 0, "karma_critpath": 0, "text": "This has been in testing for 328 days. Is the maintainer still active? It seems to me that this should either be pushed to stable or cancelled.", "timestamp": "2016-11-06 02:53:20", "update_id": 45685, "user_id": 698, "id": 517540, "testcase_feedback": [], "user": {"name": "ttorling", "email": "ticotimo@gmail.com", "id": 698, "avatar": "https://seccdn.libravatar.org/avatar/600ee4795aad91ffeabcf4fd54ef7b2797780f67b3c05ebe69180ea324a4b558?s=24&d=retro", "openid": "ttorling.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "realtime"}]}}}, {"karma": 0, "comment_id": 517695, "bug_id": 924857, "comment": {"karma": 0, "karma_critpath": 0, "text": "It orphaned [1], I tried to fix the security bugs but upstream does not accept patches anymore.\n\nThere's a couple alternative lightweight httpd with static content support only (darkhttpd)\n\n[1] https://admin.fedoraproject.org/pkgdb/package/rpms/thttpd/", "timestamp": "2016-11-06 18:25:41", "update_id": 45685, "user_id": 426, "id": 517695, "testcase_feedback": [], "user": {"name": "athmane", "email": "athmanem@gmail.com", "id": 426, "avatar": "https://seccdn.libravatar.org/avatar/444bab6c30af5db49fa558172cc5f31214cbb65eeaa1b275ebca189134b5563d?s=24&d=retro", "openid": "athmane.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "sysadmin"}]}}}]}], "updateid": "FEDORA-EPEL-2015-582c8075e6", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}