{"update": {"autokarma": true, "autotime": false, "stable_karma": 2, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Update to 0.26.7 (CVE-2018-17456)\n", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2018-10-08 18:37:59", "date_modified": "2018-10-26 19:36:46", "date_approved": null, "date_testing": "2018-10-09 01:35:59", "date_stable": "2018-10-27 15:55:33", "alias": "FEDORA-EPEL-2018-a9ac6a18d2", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2018-10-27 15:55:33", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a9ac6a18d2", "title": "libgit2-0.26.7-1.el7", "version_hash": "5e52d6d4151422828565a5e2593a74422a27761c", "release": {"name": "EPEL-7", "long_name": "Fedora EPEL 7", "version": "7", "id_prefix": "FEDORA-EPEL", "branch": "epel7", "dist_tag": "epel7", "stable_tag": "epel7", "testing_tag": "epel7-testing", "candidate_tag": "epel7-testing-candidate", "pending_signing_tag": "epel7-signing-pending", "pending_testing_tag": "epel7-testing-pending", "pending_stable_tag": "epel7-pending", "override_tag": "epel7-override", "mail_template": "fedora_epel_legacy_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "unspecified", "testing_repository": null, "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by pwalter. ", "timestamp": "2018-10-08 18:37:59", "update_id": 124317, "user_id": 91, "id": 845926, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2018-10-09 01:36:22", "update_id": 124317, "user_id": 91, "id": 846156, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2018-10-23 06:00:25", "update_id": 124317, "user_id": 91, "id": 852043, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by pwalter. ", "timestamp": "2018-10-26 16:52:50", "update_id": 124317, "user_id": 91, "id": 853312, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "pwalter edited this update.", "timestamp": "2018-10-26 19:36:45", "update_id": 124317, "user_id": 91, "id": 853423, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2018-10-27 15:55:55", "update_id": 124317, "user_id": 91, "id": 853612, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "libgit2-0.26.7-1.el7", "signed": true, "release_id": 8, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1615585, "title": "CVE-2018-15501 libgit2: out-of-bounds reads when processing smart-protocol ng packets", "security": true, "parent": true, "feedback": []}, {"bug_id": 1615589, "title": "CVE-2018-15501 libgit2: out-of-bounds reads when processing smart-protocol ng packets [epel-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1636619, "title": "CVE-2018-17456 git: arbitrary code execution via .gitmodules", "security": true, "parent": true, "feedback": [{"karma": 1, "comment_id": 844923, "bug_id": 1636619, "comment": {"karma": 1, "karma_critpath": 1, "text": "Works for me and git won't try to execute malicious submodule urls any more but prints a meaningful message.", "timestamp": "2018-10-06 16:28:06", "update_id": 124142, "user_id": 3428, "id": 844923, "testcase_feedback": [], "user": {"name": "sedrubal", "email": "fedora@sedrubal.de", "id": 3428, "avatar": "https://seccdn.libravatar.org/avatar/d37bae0ac7c0df5cdc9de4eabb6c07a7fbc8507f1202ce6aa5df279c3218f119?s=24&d=retro", "openid": "sedrubal.id.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 845568, "bug_id": 1636619, "comment": {"karma": 1, "karma_critpath": 1, "text": "LGTM with github repos", "timestamp": "2018-10-08 06:12:01", "update_id": 124143, "user_id": 840, "id": 845568, "testcase_feedback": [], "user": {"name": "dimitrisk", "email": "dimitris.on.linux@gmail.com", "id": 840, "avatar": "https://seccdn.libravatar.org/avatar/7f22b06f9390803dc7aced957318958e36b27879e87a0f174d7274678aa68de3?s=24&d=retro", "openid": "dimitrisk.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 1, "comment_id": 845657, "bug_id": 1636619, "comment": {"karma": 1, "karma_critpath": 1, "text": "Seems fine with basic push/pull/commit/clone", "timestamp": "2018-10-08 10:04:30", "update_id": 124142, "user_id": 96, "id": 845657, "testcase_feedback": [], "user": {"name": "pbrobinson", "email": "pbrobinson@gmail.com", "id": 96, "avatar": "https://seccdn.libravatar.org/avatar/3bac3f1833b19f5b5e62e166d64737430603201d1513dcc33a8c147d702a2e7d?s=24&d=retro", "openid": "pbrobinson.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "bodhiadmin"}, {"name": "sysadmin-main"}, {"name": "releng-team"}, {"name": "fedora-s390"}, {"name": "gitfedora-arm-installer"}, {"name": "gitspin-kickstarts"}, {"name": "fedorabugs"}, {"name": "fedora-ppc"}, {"name": "alt-sugar"}, {"name": "torrentadmin"}, {"name": "sysadmin-cvs"}, {"name": "gitfedora-wiki"}, {"name": "sysadmin-releng"}, {"name": "aarch64"}, {"name": "sysadmin"}, {"name": "signed_fpca"}, {"name": "fedora-arm"}, {"name": "sysadmin-secondary"}, {"name": "iot"}, {"name": "ipausers"}, {"name": "arm-qa"}, {"name": "fedora-contributor"}, {"name": "gitpungi"}]}}}, {"karma": 0, "comment_id": 845710, "bug_id": 1636619, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2018-10-08 13:47:43", "update_id": 124142, "user_id": 284, "id": 845710, "testcase_feedback": [], "user": {"name": "cairo", "email": "hansmueller183@yahoo.com", "id": 284, "avatar": "https://seccdn.libravatar.org/avatar/65ac01c684e76450d8575348b4894728e9c69ffdbd7c08718a4156e8e0daf5b6?s=24&d=retro", "openid": "cairo.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 845996, "bug_id": 1636619, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me. No regressions noted compared to previous version.", "timestamp": "2018-10-08 21:36:14", "update_id": 124311, "user_id": 308, "id": 845996, "testcase_feedback": [], "user": {"name": "chr77", "email": "chr77@protonmail.com", "id": 308, "avatar": "https://seccdn.libravatar.org/avatar/c9ddae9d692ab2ea6cecd787db18332407bb29982c8a1eae39771bfb270b71fd?s=24&d=retro", "openid": "chr77.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 846404, "bug_id": 1636619, "comment": {"karma": 1, "karma_critpath": 1, "text": "", "timestamp": "2018-10-09 14:30:24", "update_id": 124143, "user_id": 2935, "id": 846404, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 848296, "bug_id": 1636619, "comment": {"karma": 1, "karma_critpath": 0, "text": "I installed this and haven't noticed any problems.", "timestamp": "2018-10-13 16:25:43", "update_id": 124312, "user_id": 2897, "id": 848296, "testcase_feedback": [], "user": {"name": "bowlofeggs", "email": "randy@electronsweatshop.com", "id": 2897, "avatar": "https://seccdn.libravatar.org/avatar/74e6735e7dfd745bcd1aba3f64ead2d32631373aae819d812c28f339c5700ed8?s=24&d=retro", "openid": "bowlofeggs.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "communishift"}, {"name": "atomic-wg"}, {"name": "erlang"}, {"name": "erlang-maint-sig"}]}}}, {"karma": 0, "comment_id": 848396, "bug_id": 1636619, "comment": {"karma": 1, "karma_critpath": 1, "text": "Works as expected.", "timestamp": "2018-10-14 09:39:54", "update_id": 124142, "user_id": 4543, "id": 848396, "testcase_feedback": [], "user": {"name": "nomos", "email": "nuwayhid@protonmail.com", "id": 4543, "avatar": "https://seccdn.libravatar.org/avatar/4da292df4b4cd275f29c87d89541f0a0f1caf943d772bb51eab5b2cbe09998f1?s=24&d=retro", "openid": "nomos.id.fedoraproject.org", "groups": []}}}]}, {"bug_id": 1636621, "title": "CVE-2018-17456 libgit2: git: arbitrary code execution via .gitmodules [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 845996, "bug_id": 1636621, "comment": {"karma": 1, "karma_critpath": 0, "text": "Works for me. No regressions noted compared to previous version.", "timestamp": "2018-10-08 21:36:14", "update_id": 124311, "user_id": 308, "id": 845996, "testcase_feedback": [], "user": {"name": "chr77", "email": "chr77@protonmail.com", "id": 308, "avatar": "https://seccdn.libravatar.org/avatar/c9ddae9d692ab2ea6cecd787db18332407bb29982c8a1eae39771bfb270b71fd?s=24&d=retro", "openid": "chr77.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 848296, "bug_id": 1636621, "comment": {"karma": 1, "karma_critpath": 0, "text": "I installed this and haven't noticed any problems.", "timestamp": "2018-10-13 16:25:43", "update_id": 124312, "user_id": 2897, "id": 848296, "testcase_feedback": [], "user": {"name": "bowlofeggs", "email": "randy@electronsweatshop.com", "id": 2897, "avatar": "https://seccdn.libravatar.org/avatar/74e6735e7dfd745bcd1aba3f64ead2d32631373aae819d812c28f339c5700ed8?s=24&d=retro", "openid": "bowlofeggs.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "communishift"}, {"name": "atomic-wg"}, {"name": "erlang"}, {"name": "erlang-maint-sig"}]}}}]}], "updateid": "FEDORA-EPEL-2018-a9ac6a18d2", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}