{"update": {"autokarma": false, "autotime": false, "stable_karma": 2, "stable_days": 0, "unstable_karma": -2, "require_bugs": false, "require_testcases": false, "display_name": "", "notes": "This update introduces NoScript version 10 (WebExtension-compatible) required for Firefox 60 ESR and moves the legacy (classic) version 5.x to SeaMonkey-specific folder.\n\nv 5.1.8.7\n=============================================================\n* [Security] Fixed script blocking bypass zero-day (thanks\n  Zerodium for unresponsible disclosure,\n  https://twitter.com/Zerodium/status/1039127214602641409)\n* [Surrogate] Fixed typo in 2mdn replacement (thansk barbaz)\n* [XSS] Fixed InjectionChecker choking at some big JSON\n  payloads sents as POST form data\n* [XSS] In-depth protection against native ES6 modules abuse\n* Fixed classic beta channel users being accidentally\n  migrated to stable (thanks barbaz)\n", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2018-09-17 10:12:11", "date_modified": "2018-09-18 11:09:33", "date_approved": null, "date_testing": "2018-09-20 11:21:26", "date_stable": "2018-10-05 17:19:16", "alias": "FEDORA-EPEL-2018-1141f91524", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2018-10-05 17:19:16", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1141f91524", "title": "mozilla-noscript-10.1.9.6-1.el7", "version_hash": "f0d2fee2ea6cf0dbbce73f5d2a2552abe25891c9", "release": {"name": "EPEL-7", "long_name": "Fedora EPEL 7", "version": "7", "id_prefix": "FEDORA-EPEL", "branch": "epel7", "dist_tag": "epel7", "stable_tag": "epel7", "testing_tag": "epel7-testing", "candidate_tag": "epel7-testing-candidate", "pending_signing_tag": "epel7-signing-pending", "pending_testing_tag": "epel7-testing-pending", "pending_stable_tag": "epel7-pending", "override_tag": "epel7-override", "mail_template": "fedora_epel_legacy_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "unspecified", "testing_repository": null, "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "rathann", "email": "dominik@greysector.net", "id": 237, "avatar": "https://seccdn.libravatar.org/avatar/852ad2034e4d2de4eec5ee7c54530a61535edb605c2e9269cd07682a32fbdbaa?s=24&d=retro", "openid": "rathann.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "scitech_sig"}, {"name": "scitech"}, {"name": "websites-apps-cms"}, {"name": "multimedia-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by rathann. ", "timestamp": "2018-09-17 10:12:11", "update_id": 122772, "user_id": 91, "id": 835404, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Noscript 10 needed for updated Firefox in EL7.\n\nkarma: -1", "timestamp": "2018-09-17 10:25:16", "update_id": 122772, "user_id": 207, "id": 835415, "bug_feedback": [{"karma": 0, "comment_id": 835415, "bug_id": 1629212, "bug": {"bug_id": 1629212, "title": "CVE-2018-16983 mozilla-noscript: NoScript Bypass via the text/html;/json Content-Type value", "security": true, "parent": true}}, {"karma": 0, "comment_id": 835415, "bug_id": 1629217, "bug": {"bug_id": 1629217, "title": "CVE-2018-16983 mozilla-noscript: NoScript Bypass via the text/html;/json Content-Type value [epel-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2018-09-17 18:51:11", "update_id": 122772, "user_id": 91, "id": 835531, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "It should still work with SeaMonkey, but yes, you're right. New builds with both classic and WebExtension versions done (like on F27-F28).", "timestamp": "2018-09-18 11:06:30", "update_id": 122772, "user_id": 237, "id": 835864, "bug_feedback": [{"karma": 0, "comment_id": 835864, "bug_id": 1629212, "bug": {"bug_id": 1629212, "title": "CVE-2018-16983 mozilla-noscript: NoScript Bypass via the text/html;/json Content-Type value", "security": true, "parent": true}}, {"karma": 0, "comment_id": 835864, "bug_id": 1629217, "bug": {"bug_id": 1629217, "title": "CVE-2018-16983 mozilla-noscript: NoScript Bypass via the text/html;/json Content-Type value [epel-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "rathann", "email": "dominik@greysector.net", "id": 237, "avatar": "https://seccdn.libravatar.org/avatar/852ad2034e4d2de4eec5ee7c54530a61535edb605c2e9269cd07682a32fbdbaa?s=24&d=retro", "openid": "rathann.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "scitech_sig"}, {"name": "scitech"}, {"name": "websites-apps-cms"}, {"name": "multimedia-sig"}]}}, {"karma": 0, "karma_critpath": 0, "text": "rathann edited this update.\n\nNew build(s):\n\n- mozilla-noscript-10.1.9.6-1.el7\n\nRemoved build(s):\n\n- mozilla-noscript-5.1.8.7-1.el7\n\nKarma has been reset.", "timestamp": "2018-09-18 11:09:30", "update_id": 122772, "user_id": 91, "id": 835865, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by rathann. ", "timestamp": "2018-09-18 11:09:32", "update_id": 122772, "user_id": 91, "id": 835866, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2018-09-20 11:21:53", "update_id": 122772, "user_id": 91, "id": 836632, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2018-10-04 12:00:18", "update_id": 122772, "user_id": 91, "id": 843597, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for batched by rathann. ", "timestamp": "2018-10-04 12:19:50", "update_id": 122772, "user_id": 91, "id": 843612, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2018-10-05 03:00:20", "update_id": 122772, "user_id": 91, "id": 844081, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2018-10-05 17:19:51", "update_id": 122772, "user_id": 91, "id": 844498, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "mozilla-noscript-10.1.9.6-1.el7", "signed": true, "release_id": 8, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1629212, "title": "CVE-2018-16983 mozilla-noscript: NoScript Bypass via the text/html;/json Content-Type value", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 835415, "bug_id": 1629212, "comment": {"karma": 0, "karma_critpath": 0, "text": "Noscript 10 needed for updated Firefox in EL7.\n\nkarma: -1", "timestamp": "2018-09-17 10:25:16", "update_id": 122772, "user_id": 207, "id": 835415, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 835766, "bug_id": 1629212, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2018-09-18 07:51:36", "update_id": 122770, "user_id": 303, "id": 835766, "testcase_feedback": [], "user": {"name": "robatino", "email": "arobatino@gmail.com", "id": 303, "avatar": "https://seccdn.libravatar.org/avatar/bb8d454eee868b05bbdfef07cbba898ae0ea9c238d3d8001483d8c6593322eb5?s=24&d=retro", "openid": "robatino.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "qa-deltaisos"}]}}}, {"karma": 0, "comment_id": 835864, "bug_id": 1629212, "comment": {"karma": 0, "karma_critpath": 0, "text": "It should still work with SeaMonkey, but yes, you're right. New builds with both classic and WebExtension versions done (like on F27-F28).", "timestamp": "2018-09-18 11:06:30", "update_id": 122772, "user_id": 237, "id": 835864, "testcase_feedback": [], "user": {"name": "rathann", "email": "dominik@greysector.net", "id": 237, "avatar": "https://seccdn.libravatar.org/avatar/852ad2034e4d2de4eec5ee7c54530a61535edb605c2e9269cd07682a32fbdbaa?s=24&d=retro", "openid": "rathann.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "scitech_sig"}, {"name": "scitech"}, {"name": "websites-apps-cms"}, {"name": "multimedia-sig"}]}}}, {"karma": 0, "comment_id": 838465, "bug_id": 1629212, "comment": {"karma": 1, "karma_critpath": 0, "text": "After explicitly re-adding an exception for **file:** 10.1.9.6 works normally.", "timestamp": "2018-09-23 04:45:18", "update_id": 122771, "user_id": 2068, "id": 838465, "testcase_feedback": [], "user": {"name": "jmakey", "email": "jeff@makey.net", "id": 2068, "avatar": "https://seccdn.libravatar.org/avatar/c3376bf9ecede08567155abac9fca0de8faee956735ff3fb7034a61a086c0c78?s=24&d=retro", "openid": "jmakey.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}, {"bug_id": 1629217, "title": "CVE-2018-16983 mozilla-noscript: NoScript Bypass via the text/html;/json Content-Type value [epel-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 835415, "bug_id": 1629217, "comment": {"karma": 0, "karma_critpath": 0, "text": "Noscript 10 needed for updated Firefox in EL7.\n\nkarma: -1", "timestamp": "2018-09-17 10:25:16", "update_id": 122772, "user_id": 207, "id": 835415, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 835864, "bug_id": 1629217, "comment": {"karma": 0, "karma_critpath": 0, "text": "It should still work with SeaMonkey, but yes, you're right. New builds with both classic and WebExtension versions done (like on F27-F28).", "timestamp": "2018-09-18 11:06:30", "update_id": 122772, "user_id": 237, "id": 835864, "testcase_feedback": [], "user": {"name": "rathann", "email": "dominik@greysector.net", "id": 237, "avatar": "https://seccdn.libravatar.org/avatar/852ad2034e4d2de4eec5ee7c54530a61535edb605c2e9269cd07682a32fbdbaa?s=24&d=retro", "openid": "rathann.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "scitech_sig"}, {"name": "scitech"}, {"name": "websites-apps-cms"}, {"name": "multimedia-sig"}]}}}]}, {"bug_id": 1629661, "title": "mozilla-noscript-10.1.9.6 is available", "security": false, "parent": false, "feedback": [{"karma": 1, "comment_id": 835766, "bug_id": 1629661, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2018-09-18 07:51:36", "update_id": 122770, "user_id": 303, "id": 835766, "testcase_feedback": [], "user": {"name": "robatino", "email": "arobatino@gmail.com", "id": 303, "avatar": "https://seccdn.libravatar.org/avatar/bb8d454eee868b05bbdfef07cbba898ae0ea9c238d3d8001483d8c6593322eb5?s=24&d=retro", "openid": "robatino.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "qa-deltaisos"}]}}}, {"karma": 1, "comment_id": 838465, "bug_id": 1629661, "comment": {"karma": 1, "karma_critpath": 0, "text": "After explicitly re-adding an exception for **file:** 10.1.9.6 works normally.", "timestamp": "2018-09-23 04:45:18", "update_id": 122771, "user_id": 2068, "id": 838465, "testcase_feedback": [], "user": {"name": "jmakey", "email": "jeff@makey.net", "id": 2068, "avatar": "https://seccdn.libravatar.org/avatar/c3376bf9ecede08567155abac9fca0de8faee956735ff3fb7034a61a086c0c78?s=24&d=retro", "openid": "jmakey.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}], "updateid": "FEDORA-EPEL-2018-1141f91524", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}