{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 14, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Update to 1.4.3 to fix a number of CVEs: CVE-2019-16786 CVE-2019-16785 CVE-2019-16789 \n\nNote: This is a large jump in versions for epel7, but as far as I can see there's no incompatible changes in the changelog. \n\nPlease test!", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2020-02-16 22:56:40", "date_modified": null, "date_approved": null, "date_testing": "2020-02-17 00:08:25", "date_stable": "2020-09-04 14:41:13", "alias": "FEDORA-EPEL-2020-fa8a2e97c6", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2020-09-04 14:41:13", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-fa8a2e97c6", "title": "python-waitress-1.4.3-1.el7", "version_hash": "4167c09406630d5cecbc36a4c0545a39970a7a8f", "release": {"name": "EPEL-7", "long_name": "Fedora EPEL 7", "version": "7", "id_prefix": "FEDORA-EPEL", "branch": "epel7", "dist_tag": "epel7", "stable_tag": "epel7", "testing_tag": "epel7-testing", "candidate_tag": "epel7-testing-candidate", "pending_signing_tag": "epel7-signing-pending", "pending_testing_tag": "epel7-testing-pending", "pending_stable_tag": "epel7-pending", "override_tag": "epel7-override", "mail_template": "fedora_epel_legacy_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "unspecified", "testing_repository": null, "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "kevin", "email": "kevin@scrye.com", "id": 137, "avatar": "https://seccdn.libravatar.org/avatar/05d9feede3ce862bdfd16271134edeba147128c93ae9299fca87f8135ae2b2fd?s=24&d=retro", "openid": "kevin.id.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "security_respons"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "bodhiadmin"}, {"name": "infra-sig"}, {"name": "sysadmin-main"}, {"name": "releng-team"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-jenkins"}, {"name": "freemedia"}, {"name": "gitspin-kickstarts"}, {"name": "wikiadmin"}, {"name": "aws-iam"}, {"name": "wikiedit"}, {"name": "epel-wranglers"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-backup"}, {"name": "upstream-test"}, {"name": "irc-support-operators"}, {"name": "sysadmin-osbs"}, {"name": "aws-s3"}, {"name": "bzrpython-fedora"}, {"name": "fedora-contributor"}, {"name": "aws"}, {"name": "fi-apprentice"}, {"name": "sysadmin-accounts"}, {"name": "msftazure"}, {"name": "server-wg"}, {"name": "sysadmin-secondary"}, {"name": "fedora-hams"}, {"name": "signers"}, {"name": "sysadmin-devel"}, {"name": "aws-copr"}, {"name": "fedorabugs"}, {"name": "sysadmin-spin"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-tools"}, {"name": "cvsadmin"}, {"name": "sysadmin-releng"}, {"name": "sysadmin-hosted"}, {"name": "sysadmin-openshift"}, {"name": "aws-master"}, {"name": "ipausers"}, {"name": "sysadmin-gallery"}, {"name": "accounts"}, {"name": "sysadmin-veteran"}, {"name": "gitfedbot"}, {"name": "fesco"}, {"name": "sysadmin-survey"}, {"name": "web"}, {"name": "sysadmin-coreos"}, {"name": "cvsfedora"}, {"name": "aws-billing"}, {"name": "aws-s3-readonly"}, {"name": "admins"}, {"name": "epel-cabal"}, {"name": "sysadmin-dns"}, {"name": "signed_fpca"}, {"name": "sysadmin-noc"}, {"name": "sysadmin-qa"}, {"name": "hosted-content"}, {"name": "sysadmin-cvs"}, {"name": "torrentadmin"}, {"name": "gitfedora-web"}, {"name": "sysadmin-darkserver"}, {"name": "gitcsi"}, {"name": "gitformulas"}, {"name": "sysadmin-web"}, {"name": "sysadmin-ask"}, {"name": "communishift"}, {"name": "vendor-support"}, {"name": "sysadmin-calendar"}, {"name": "aws-fedoramirror"}, {"name": "aws-infra"}, {"name": "sysadmin-packages"}, {"name": "sysadmin"}, {"name": "epel-packagers-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by kevin. ", "timestamp": "2020-02-16 22:56:40", "update_id": 184958, "user_id": 91, "id": 1235504, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2020-02-16 22:56:41", "update_id": 184958, "user_id": 91, "id": 1235505, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2020-02-16 22:57:37", "update_id": 184958, "user_id": 91, "id": 1235506, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2020-02-17 00:08:34", "update_id": 184958, "user_id": 91, "id": 1235545, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2020-03-02 00:09:08", "update_id": 184958, "user_id": 91, "id": 1260857, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'greenwave_failed'.", "timestamp": "2020-04-03 07:30:58", "update_id": 184958, "user_id": 91, "id": 1309255, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2020-04-03 10:13:28", "update_id": 184958, "user_id": 91, "id": 1311225, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Doing some cleanup, can we release or drop this? Stable by time is disabled, but it has been waiting for over 6 months", "timestamp": "2020-09-03 19:25:54", "update_id": 184958, "user_id": 4813, "id": 1604839, "bug_feedback": [{"karma": 0, "comment_id": 1604839, "bug_id": 1468175, "bug": {"bug_id": 1468175, "title": "Backport security fix from v1.0.0 to prevent header spoofing via underscore/dash conflation", "security": false, "parent": false}}, {"karma": 0, "comment_id": 1604839, "bug_id": 1785591, "bug": {"bug_id": 1785591, "title": "python-waitress-1.4.3 is available", "security": false, "parent": false}}, {"karma": 0, "comment_id": 1604839, "bug_id": 1789810, "bug": {"bug_id": 1789810, "title": "CVE-2019-16789 python-waitress: waitress: HTTP Request Smuggling through Invalid whitespace characters in headers [epel-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 1604839, "bug_id": 1791417, "bug": {"bug_id": 1791417, "title": "CVE-2019-16786 python-waitress: waitress: HTTP request smuggling through invalid Transfer-Encoding [epel-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 1604839, "bug_id": 1791421, "bug": {"bug_id": 1791421, "title": "CVE-2019-16785 python-waitress: waitress: HTTP request smuggling through LF vs CRLF handling [epel-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "pgreco", "email": "pablo@fliagreco.com.ar", "id": 4813, "avatar": "https://seccdn.libravatar.org/avatar/5fce1a063623e2ba65b6272154dc7cdae7e69fcaad3f14c0606ca456fdbee616?s=24&d=retro", "openid": "pgreco.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "epel-cabal"}, {"name": "epel-packagers-sig"}, {"name": "epel-wranglers"}, {"name": "qa_users"}, {"name": "devcloud_users"}, {"name": "sig-altarch"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by kevin. ", "timestamp": "2020-09-03 19:43:44", "update_id": 184958, "user_id": 91, "id": 1604857, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2020-09-04 14:41:32", "update_id": 184958, "user_id": 91, "id": 1606119, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "python-waitress-1.4.3-1.el7", "signed": true, "release_id": 8, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1468175, "title": "Backport security fix from v1.0.0 to prevent header spoofing via underscore/dash conflation", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 1604839, "bug_id": 1468175, "comment": {"karma": 0, "karma_critpath": 0, "text": "Doing some cleanup, can we release or drop this? Stable by time is disabled, but it has been waiting for over 6 months", "timestamp": "2020-09-03 19:25:54", "update_id": 184958, "user_id": 4813, "id": 1604839, "testcase_feedback": [], "user": {"name": "pgreco", "email": "pablo@fliagreco.com.ar", "id": 4813, "avatar": "https://seccdn.libravatar.org/avatar/5fce1a063623e2ba65b6272154dc7cdae7e69fcaad3f14c0606ca456fdbee616?s=24&d=retro", "openid": "pgreco.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "epel-cabal"}, {"name": "epel-packagers-sig"}, {"name": "epel-wranglers"}, {"name": "qa_users"}, {"name": "devcloud_users"}, {"name": "sig-altarch"}]}}}]}, {"bug_id": 1785591, "title": "python-waitress-1.4.3 is available", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 1604839, "bug_id": 1785591, "comment": {"karma": 0, "karma_critpath": 0, "text": "Doing some cleanup, can we release or drop this? Stable by time is disabled, but it has been waiting for over 6 months", "timestamp": "2020-09-03 19:25:54", "update_id": 184958, "user_id": 4813, "id": 1604839, "testcase_feedback": [], "user": {"name": "pgreco", "email": "pablo@fliagreco.com.ar", "id": 4813, "avatar": "https://seccdn.libravatar.org/avatar/5fce1a063623e2ba65b6272154dc7cdae7e69fcaad3f14c0606ca456fdbee616?s=24&d=retro", "openid": "pgreco.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "epel-cabal"}, {"name": "epel-packagers-sig"}, {"name": "epel-wranglers"}, {"name": "qa_users"}, {"name": "devcloud_users"}, {"name": "sig-altarch"}]}}}]}, {"bug_id": 1789810, "title": "CVE-2019-16789 python-waitress: waitress: HTTP Request Smuggling through Invalid whitespace characters in headers [epel-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 1604839, "bug_id": 1789810, "comment": {"karma": 0, "karma_critpath": 0, "text": "Doing some cleanup, can we release or drop this? Stable by time is disabled, but it has been waiting for over 6 months", "timestamp": "2020-09-03 19:25:54", "update_id": 184958, "user_id": 4813, "id": 1604839, "testcase_feedback": [], "user": {"name": "pgreco", "email": "pablo@fliagreco.com.ar", "id": 4813, "avatar": "https://seccdn.libravatar.org/avatar/5fce1a063623e2ba65b6272154dc7cdae7e69fcaad3f14c0606ca456fdbee616?s=24&d=retro", "openid": "pgreco.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "epel-cabal"}, {"name": "epel-packagers-sig"}, {"name": "epel-wranglers"}, {"name": "qa_users"}, {"name": "devcloud_users"}, {"name": "sig-altarch"}]}}}]}, {"bug_id": 1791417, "title": "CVE-2019-16786 python-waitress: waitress: HTTP request smuggling through invalid Transfer-Encoding [epel-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 1604839, "bug_id": 1791417, "comment": {"karma": 0, "karma_critpath": 0, "text": "Doing some cleanup, can we release or drop this? Stable by time is disabled, but it has been waiting for over 6 months", "timestamp": "2020-09-03 19:25:54", "update_id": 184958, "user_id": 4813, "id": 1604839, "testcase_feedback": [], "user": {"name": "pgreco", "email": "pablo@fliagreco.com.ar", "id": 4813, "avatar": "https://seccdn.libravatar.org/avatar/5fce1a063623e2ba65b6272154dc7cdae7e69fcaad3f14c0606ca456fdbee616?s=24&d=retro", "openid": "pgreco.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "epel-cabal"}, {"name": "epel-packagers-sig"}, {"name": "epel-wranglers"}, {"name": "qa_users"}, {"name": "devcloud_users"}, {"name": "sig-altarch"}]}}}]}, {"bug_id": 1791421, "title": "CVE-2019-16785 python-waitress: waitress: HTTP request smuggling through LF vs CRLF handling [epel-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 1604839, "bug_id": 1791421, "comment": {"karma": 0, "karma_critpath": 0, "text": "Doing some cleanup, can we release or drop this? Stable by time is disabled, but it has been waiting for over 6 months", "timestamp": "2020-09-03 19:25:54", "update_id": 184958, "user_id": 4813, "id": 1604839, "testcase_feedback": [], "user": {"name": "pgreco", "email": "pablo@fliagreco.com.ar", "id": 4813, "avatar": "https://seccdn.libravatar.org/avatar/5fce1a063623e2ba65b6272154dc7cdae7e69fcaad3f14c0606ca456fdbee616?s=24&d=retro", "openid": "pgreco.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "epel-cabal"}, {"name": "epel-packagers-sig"}, {"name": "epel-wranglers"}, {"name": "qa_users"}, {"name": "devcloud_users"}, {"name": "sig-altarch"}]}}}]}], "updateid": "FEDORA-EPEL-2020-fa8a2e97c6", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}