{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "eepro100: Prevent two endless loops [CVE-2015-8345],\npcnet: fix rx buffer overflow [CVE-2015-7512],\nui: vnc: avoid floating point exception [CVE-2015-8504],\nadditional patch for [XSA-158, CVE-2015-8338]\nlong running memory operations on ARM [XSA-158, CVE-2015-8338]\nXENMEM_exchange error handling issues [XSA-159, CVE-2015-8339, CVE-2015-8340]\nlibxl leak of pv kernel and initrd on error [XSA-160, CVE-2015-8341]\n\n----\n\nheap buffer overflow vulnerability in pcnet emulator [XSA-162,\nCVE-2015-7504], virtual PMU is unsupported [XSA-163]\n", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2015-12-10 17:33:50", "date_modified": "2015-12-10 18:49:00", "date_approved": null, "date_testing": "2015-12-11 03:27:32", "date_stable": "2015-12-17 04:36:18", "alias": "FEDORA-2015-12a089920e", "test_gating_status": null, "from_tag": null, "date_pushed": "2015-12-17 04:36:18", "meets_testing_requirements": false, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2015-12a089920e", "title": "xen-4.5.2-5.fc23", "version_hash": "06f68e647f525e3e0464c5538cc924a4ea243105", "release": {"name": "F23", "long_name": "Fedora 23", "version": "23", "id_prefix": "FEDORA", "branch": "f23", "dist_tag": "f23", "stable_tag": "f23-updates", "testing_tag": "f23-updates-testing", "candidate_tag": "f23-updates-candidate", "pending_signing_tag": "f23-signing-pending", "pending_testing_tag": "f23-updates-testing-pending", "pending_stable_tag": "f23-updates-pending", "override_tag": "f23-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "myoung", "email": "m.a.young@durham.ac.uk", "id": 129, "avatar": "https://seccdn.libravatar.org/avatar/cafef3050bdaacd4f890e9dfb2c45ae779cd95d6f836095f281368927146a63a?s=24&d=retro", "openid": "myoung.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by myoung. ", "timestamp": "2015-12-10 17:33:50", "update_id": 46613, "user_id": 91, "id": 364213, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has obsoleted [xen-4.5.2-3.fc23](https://bodhi.fedoraproject.org/updates/FEDORA-2015-89e9b654cb), and has inherited its bugs and notes.", "timestamp": "2015-12-10 17:33:54", "update_id": 46613, "user_id": 91, "id": 364215, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "myoung edited this update.", "timestamp": "2015-12-10 18:49:00", "update_id": 46613, "user_id": 91, "id": 364293, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2015-12-11 06:02:55", "update_id": 46613, "user_id": 91, "id": 364485, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "works for me", "timestamp": "2015-12-11 11:42:37", "update_id": 46613, "user_id": 739, "id": 364622, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "cserpentis", "email": "cserpentis@gmail.com", "id": 739, "avatar": "https://seccdn.libravatar.org/avatar/a3febfef42f58ed535f3c3a3cf9743653cd774dbb6e4554e2ce7c847d9802b6c?s=24&d=retro", "openid": "cserpentis.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}, {"karma": 1, "karma_critpath": 0, "text": "Works for me.", "timestamp": "2015-12-15 15:31:04", "update_id": 46613, "user_id": 536, "id": 366364, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "mhayden", "email": "mhayden@redhat.com", "id": 536, "avatar": "https://seccdn.libravatar.org/avatar/9f9c7ca41ea68469600931af4193d0dc1dcb47d3cdbd481fa39fbaae417f4f2f?s=24&d=retro", "openid": "mhayden.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "gitfedora-security-team"}, {"name": "aws-fedora-ci"}, {"name": "cloud-sig"}, {"name": "rhel-lightspeed"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2015-12-16 22:48:10", "update_id": 46613, "user_id": 91, "id": 367089, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "looks ok", "timestamp": "2015-12-16 22:48:12", "update_id": 46613, "user_id": 306, "id": 367090, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "nonamedotc", "email": "nonamedotc@gmail.com", "id": 306, "avatar": "https://seccdn.libravatar.org/avatar/fee656bbc323d178f79b7b626b77a4e5e1e82a602ee4d3f09afc79394bad2d5d?s=24&d=retro", "openid": "nonamedotc.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "scitech_sig"}, {"name": "triagers"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2015-12-17 07:33:12", "update_id": 46613, "user_id": 91, "id": 367289, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "xen-4.5.2-5.fc23", "signed": true, "release_id": 11, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1261461, "title": "CVE-2015-7504 Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 371651, "bug_id": 1261461, "comment": {"karma": 0, "karma_critpath": 0, "text": "There is now a newer one in stable... ", "timestamp": "2015-12-30 18:45:38", "update_id": 46337, "user_id": 137, "id": 371651, "testcase_feedback": [], "user": {"name": "kevin", "email": "kevin@scrye.com", "id": 137, "avatar": "https://seccdn.libravatar.org/avatar/05d9feede3ce862bdfd16271134edeba147128c93ae9299fca87f8135ae2b2fd?s=24&d=retro", "openid": "kevin.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "security_respons"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "bodhiadmin"}, {"name": "infra-sig"}, {"name": "sysadmin-main"}, {"name": "releng-team"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-jenkins"}, {"name": "freemedia"}, {"name": "gitspin-kickstarts"}, {"name": "wikiadmin"}, {"name": "aws-iam"}, {"name": "wikiedit"}, {"name": "epel-wranglers"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-backup"}, {"name": "upstream-test"}, {"name": "irc-support-operators"}, {"name": "sysadmin-osbs"}, {"name": "aws-s3"}, {"name": "bzrpython-fedora"}, {"name": "fedora-contributor"}, {"name": "aws"}, {"name": "fi-apprentice"}, {"name": "sysadmin-accounts"}, {"name": "msftazure"}, {"name": "server-wg"}, {"name": "sysadmin-secondary"}, {"name": "fedora-hams"}, {"name": "signers"}, {"name": "sysadmin-devel"}, {"name": "aws-copr"}, {"name": "fedorabugs"}, {"name": "sysadmin-spin"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-tools"}, {"name": "cvsadmin"}, {"name": "sysadmin-releng"}, {"name": "sysadmin-hosted"}, {"name": "sysadmin-openshift"}, {"name": "aws-master"}, {"name": "ipausers"}, {"name": "sysadmin-gallery"}, {"name": "accounts"}, {"name": "sysadmin-veteran"}, {"name": "gitfedbot"}, {"name": "fesco"}, {"name": "sysadmin-survey"}, {"name": "web"}, {"name": "sysadmin-coreos"}, {"name": "cvsfedora"}, {"name": "aws-billing"}, {"name": "aws-s3-readonly"}, {"name": "admins"}, {"name": "epel-cabal"}, {"name": "sysadmin-dns"}, {"name": "signed_fpca"}, {"name": "sysadmin-noc"}, {"name": "sysadmin-qa"}, {"name": "hosted-content"}, {"name": "sysadmin-cvs"}, {"name": "torrentadmin"}, {"name": "gitfedora-web"}, {"name": "sysadmin-darkserver"}, {"name": "gitcsi"}, {"name": "gitformulas"}, {"name": "sysadmin-web"}, {"name": "sysadmin-ask"}, {"name": "communishift"}, {"name": "vendor-support"}, {"name": "sysadmin-calendar"}, {"name": "aws-fedoramirror"}, {"name": "aws-infra"}, {"name": "sysadmin-packages"}, {"name": "sysadmin"}, {"name": "epel-packagers-sig"}]}}}]}, {"bug_id": 1284911, "title": "CVE-2015-8338 xen: Long running memory operations on ARM cause DoS", "security": true, "parent": true, "feedback": []}, {"bug_id": 1284919, "title": "CVE-2015-8339 CVE-2015-8340 xen: XENMEM_exchange error handling may cause DoS to host", "security": true, "parent": true, "feedback": []}, {"bug_id": 1284933, "title": "CVE-2015-8341 xen: libxl leak of PV kernel can cause OOM condition", "security": true, "parent": true, "feedback": []}, {"bug_id": 1285061, "title": "CVE-2015-7512 Qemu: net: pcnet: buffer overflow in non-loopback mode", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 371651, "bug_id": 1285061, "comment": {"karma": 0, "karma_critpath": 0, "text": "There is now a newer one in stable... ", "timestamp": "2015-12-30 18:45:38", "update_id": 46337, "user_id": 137, "id": 371651, "testcase_feedback": [], "user": {"name": "kevin", "email": "kevin@scrye.com", "id": 137, "avatar": "https://seccdn.libravatar.org/avatar/05d9feede3ce862bdfd16271134edeba147128c93ae9299fca87f8135ae2b2fd?s=24&d=retro", "openid": "kevin.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "security_respons"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "bodhiadmin"}, {"name": "infra-sig"}, {"name": "sysadmin-main"}, {"name": "releng-team"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-jenkins"}, {"name": "freemedia"}, {"name": "gitspin-kickstarts"}, {"name": "wikiadmin"}, {"name": "aws-iam"}, {"name": "wikiedit"}, {"name": "epel-wranglers"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-backup"}, {"name": "upstream-test"}, {"name": "irc-support-operators"}, {"name": "sysadmin-osbs"}, {"name": "aws-s3"}, {"name": "bzrpython-fedora"}, {"name": "fedora-contributor"}, {"name": "aws"}, {"name": "fi-apprentice"}, {"name": "sysadmin-accounts"}, {"name": "msftazure"}, {"name": "server-wg"}, {"name": "sysadmin-secondary"}, {"name": "fedora-hams"}, {"name": "signers"}, {"name": "sysadmin-devel"}, {"name": "aws-copr"}, {"name": "fedorabugs"}, {"name": "sysadmin-spin"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-tools"}, {"name": "cvsadmin"}, {"name": "sysadmin-releng"}, {"name": "sysadmin-hosted"}, {"name": "sysadmin-openshift"}, {"name": "aws-master"}, {"name": "ipausers"}, {"name": "sysadmin-gallery"}, {"name": "accounts"}, {"name": "sysadmin-veteran"}, {"name": "gitfedbot"}, {"name": "fesco"}, {"name": "sysadmin-survey"}, {"name": "web"}, {"name": "sysadmin-coreos"}, {"name": "cvsfedora"}, {"name": "aws-billing"}, {"name": "aws-s3-readonly"}, {"name": "admins"}, {"name": "epel-cabal"}, {"name": "sysadmin-dns"}, {"name": "signed_fpca"}, {"name": "sysadmin-noc"}, {"name": "sysadmin-qa"}, {"name": "hosted-content"}, {"name": "sysadmin-cvs"}, {"name": "torrentadmin"}, {"name": "gitfedora-web"}, {"name": "sysadmin-darkserver"}, {"name": "gitcsi"}, {"name": "gitformulas"}, {"name": "sysadmin-web"}, {"name": "sysadmin-ask"}, {"name": "communishift"}, {"name": "vendor-support"}, {"name": "sysadmin-calendar"}, {"name": "aws-fedoramirror"}, {"name": "aws-infra"}, {"name": "sysadmin-packages"}, {"name": "sysadmin"}, {"name": "epel-packagers-sig"}]}}}]}, {"bug_id": 1285213, "title": "CVE-2015-8345 Qemu: net: eepro100: infinite loop in processing command block list", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 371651, "bug_id": 1285213, "comment": {"karma": 0, "karma_critpath": 0, "text": "There is now a newer one in stable... ", "timestamp": "2015-12-30 18:45:38", "update_id": 46337, "user_id": 137, "id": 371651, "testcase_feedback": [], "user": {"name": "kevin", "email": "kevin@scrye.com", "id": 137, "avatar": "https://seccdn.libravatar.org/avatar/05d9feede3ce862bdfd16271134edeba147128c93ae9299fca87f8135ae2b2fd?s=24&d=retro", "openid": "kevin.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "security_respons"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "bodhiadmin"}, {"name": "infra-sig"}, {"name": "sysadmin-main"}, {"name": "releng-team"}, {"name": "sysadmin-dba"}, {"name": "sysadmin-jenkins"}, {"name": "freemedia"}, {"name": "gitspin-kickstarts"}, {"name": "wikiadmin"}, {"name": "aws-iam"}, {"name": "wikiedit"}, {"name": "epel-wranglers"}, {"name": "sysadmin-cloud"}, {"name": "sysadmin-backup"}, {"name": "upstream-test"}, {"name": "irc-support-operators"}, {"name": "sysadmin-osbs"}, {"name": "aws-s3"}, {"name": "bzrpython-fedora"}, {"name": "fedora-contributor"}, {"name": "aws"}, {"name": "fi-apprentice"}, {"name": "sysadmin-accounts"}, {"name": "msftazure"}, {"name": "server-wg"}, {"name": "sysadmin-secondary"}, {"name": "fedora-hams"}, {"name": "signers"}, {"name": "sysadmin-devel"}, {"name": "aws-copr"}, {"name": "fedorabugs"}, {"name": "sysadmin-spin"}, {"name": "sysadmin-logs"}, {"name": "sysadmin-tools"}, {"name": "cvsadmin"}, {"name": "sysadmin-releng"}, {"name": "sysadmin-hosted"}, {"name": "sysadmin-openshift"}, {"name": "aws-master"}, {"name": "ipausers"}, {"name": "sysadmin-gallery"}, {"name": "accounts"}, {"name": "sysadmin-veteran"}, {"name": "gitfedbot"}, {"name": "fesco"}, {"name": "sysadmin-survey"}, {"name": "web"}, {"name": "sysadmin-coreos"}, {"name": "cvsfedora"}, {"name": "aws-billing"}, {"name": "aws-s3-readonly"}, {"name": "admins"}, {"name": "epel-cabal"}, {"name": "sysadmin-dns"}, {"name": "signed_fpca"}, {"name": "sysadmin-noc"}, {"name": "sysadmin-qa"}, {"name": "hosted-content"}, {"name": "sysadmin-cvs"}, {"name": "torrentadmin"}, {"name": "gitfedora-web"}, {"name": "sysadmin-darkserver"}, {"name": "gitcsi"}, {"name": "gitformulas"}, {"name": "sysadmin-web"}, {"name": "sysadmin-ask"}, {"name": "communishift"}, {"name": "vendor-support"}, {"name": "sysadmin-calendar"}, {"name": "aws-fedoramirror"}, {"name": "aws-infra"}, {"name": "sysadmin-packages"}, {"name": "sysadmin"}, {"name": "epel-packagers-sig"}]}}}]}, {"bug_id": 1285215, "title": "CVE-2015-8345 xen: Qemu: net: eepro100: infinite loop in processing command block list [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1285350, "title": "xen: Virtual Performance Measurement Unit feature is unsupported", "security": true, "parent": true, "feedback": []}, {"bug_id": 1285351, "title": "xen: Virtual Performance Measurement Unit feature is unsupported [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1286544, "title": "CVE-2015-7504 xen: Qemu: net: pcnet: heap overflow vulnerability in pcnet_receive [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1286563, "title": "CVE-2015-7512 xen: Qemu: net: pcnet: buffer overflow in non-loopback mode [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1289541, "title": "CVE-2015-8504 Qemu: ui: vnc: avoid floating point exception", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 367690, "bug_id": 1289541, "comment": {"karma": 0, "karma_critpath": 0, "text": "This is no longer in stable. I installed it on Dec. 14 but \"yum-deprecated distro-sync\" now wants to downgrade it to 2.4.1-2.", "timestamp": "2015-12-18 02:03:31", "update_id": 46443, "user_id": 303, "id": 367690, "testcase_feedback": [], "user": {"name": "robatino", "email": "arobatino@gmail.com", "id": 303, "avatar": "https://seccdn.libravatar.org/avatar/bb8d454eee868b05bbdfef07cbba898ae0ea9c238d3d8001483d8c6593322eb5?s=24&d=retro", "openid": "robatino.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "qa-deltaisos"}]}}}]}, {"bug_id": 1289544, "title": "CVE-2015-8504 xen: Qemu: ui: vnc: avoid floating point exception [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1289568, "title": "CVE-2015-8338 CVE-2015-8339 CVE-2015-8340 CVE-2015-8341 xen: various flaws [fedora-all]", "security": true, "parent": false, "feedback": []}], "updateid": "FEDORA-2015-12a089920e", "karma": 3, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}