{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "**Version 6.2.25**\n\n- Fix support for image URLs.\n\n----\n\n**Version 6.2.24**\n\n- Support remote urls when checking if file exists.\n\n----\n\n**Version 6.2.23**\n\n- Simplify file_exists function.\n\n\n\n----\n\n**Version 6.2.20**\n\n- Fix for security vulnerability: Using the phar:// wrapper it was possible to trigger the unserialization of user provided data.\n\n----\n\n**Version 6.2.19**\n\n- Merge various fixes for PHP 7.3 compatibility and security.\n\n\n", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2018-09-24 07:38:42", "date_modified": null, "date_approved": null, "date_testing": "2018-09-27 03:51:39", "date_stable": "2018-10-12 19:38:53", "alias": "FEDORA-EPEL-2018-31ccd7aee3", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2018-10-12 19:38:53", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-31ccd7aee3", "title": "php-tcpdf-6.2.25-1.el7", "version_hash": "b7a4c4c9c7b3676e6e72b6ace6e2a7751de1722c", "release": {"name": "EPEL-7", "long_name": "Fedora EPEL 7", "version": "7", "id_prefix": "FEDORA-EPEL", "branch": "epel7", "dist_tag": "epel7", "stable_tag": "epel7", "testing_tag": "epel7-testing", "candidate_tag": "epel7-testing-candidate", "pending_signing_tag": "epel7-signing-pending", "pending_testing_tag": "epel7-testing-pending", "pending_stable_tag": "epel7-pending", "override_tag": "epel7-override", "mail_template": "fedora_epel_legacy_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "unspecified", "testing_repository": null, "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "remi", "email": "fedora@famillecollet.com", "id": 94, "avatar": "https://seccdn.libravatar.org/avatar/619d3923bdf71a705e6f65371e59246522f52ad96485c9731408ff28554716cf?s=24&d=retro", "openid": "remi.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "sig-sclo"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by remi. ", "timestamp": "2018-09-24 07:38:42", "update_id": 123275, "user_id": 91, "id": 838856, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has obsoleted [php-tcpdf-6.2.22-1.el7](https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-4255a1292d), and has inherited its bugs and notes.", "timestamp": "2018-09-24 07:38:49", "update_id": 123275, "user_id": 91, "id": 838866, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "hello remi,\nsince 6.2.2 which was the prior fedora package (see https://bodhi.fedoraproject.org/updates/?packages=php-tcpdf) there have been the fixes:\nVersion 6.2.25: Fix support for image URLs.\nVersion 6.2.24: Support remote urls when checking if file exists.\nVersion 6.2.23: Simplify file_exists function.\n\nDo you know which of these fixes is a security fix? ", "timestamp": "2018-09-24 10:53:32", "update_id": 123275, "user_id": 3997, "id": 838930, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "muench", "email": "muench@dfn-cert.de", "id": 3997, "avatar": "https://seccdn.libravatar.org/avatar/2ec536f3ae1330bfa0806331010f27704f1b66ad924ce518329a213d77faf96c?s=24&d=retro", "openid": "muench.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "@muench, read the above changelog... \n\nVersion 6.2.20: Fix for security vulnerability: ...\n\nIIUC other are regression fix.", "timestamp": "2018-09-24 11:30:20", "update_id": 123275, "user_id": 94, "id": 838945, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "remi", "email": "fedora@famillecollet.com", "id": 94, "avatar": "https://seccdn.libravatar.org/avatar/619d3923bdf71a705e6f65371e59246522f52ad96485c9731408ff28554716cf?s=24&d=retro", "openid": "remi.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "sig-sclo"}]}}, {"karma": 0, "karma_critpath": 0, "text": "Sorry my mistake, I wrote since 6.2.2 but i meant 6.2.22 (which is the last fedora package before this security update). The security fix from Version 6.2.20 you mentioned was already referenced in the 6.2.22 release (see https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-4255a1292d)", "timestamp": "2018-09-24 11:38:07", "update_id": 123275, "user_id": 3997, "id": 838949, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "muench", "email": "muench@dfn-cert.de", "id": 3997, "avatar": "https://seccdn.libravatar.org/avatar/2ec536f3ae1330bfa0806331010f27704f1b66ad924ce518329a213d77faf96c?s=24&d=retro", "openid": "muench.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Previous update was obsoleted by this one, so this one keep the security flag for the fix in 6.2.20", "timestamp": "2018-09-24 11:46:10", "update_id": 123275, "user_id": 94, "id": 838950, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "remi", "email": "fedora@famillecollet.com", "id": 94, "avatar": "https://seccdn.libravatar.org/avatar/619d3923bdf71a705e6f65371e59246522f52ad96485c9731408ff28554716cf?s=24&d=retro", "openid": "remi.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "sig-sclo"}]}}, {"karma": 0, "karma_critpath": 0, "text": "thank you!", "timestamp": "2018-09-24 12:03:20", "update_id": 123275, "user_id": 3997, "id": 838951, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "muench", "email": "muench@dfn-cert.de", "id": 3997, "avatar": "https://seccdn.libravatar.org/avatar/2ec536f3ae1330bfa0806331010f27704f1b66ad924ce518329a213d77faf96c?s=24&d=retro", "openid": "muench.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2018-09-27 03:52:09", "update_id": 123275, "user_id": 91, "id": 840015, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2018-10-11 06:00:22", "update_id": 123275, "user_id": 91, "id": 847253, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for batched by remi. ", "timestamp": "2018-10-11 06:04:39", "update_id": 123275, "user_id": 91, "id": 847264, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2018-10-12 03:00:16", "update_id": 123275, "user_id": 91, "id": 847591, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2018-10-12 19:39:06", "update_id": 123275, "user_id": 91, "id": 847991, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "php-tcpdf-6.2.25-1.el7", "signed": true, "release_id": 8, "type": "rpm", "epoch": 0}], "bugs": [], "updateid": "FEDORA-EPEL-2018-31ccd7aee3", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}