{"update": {"autokarma": false, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": false, "require_testcases": false, "display_name": "", "notes": "- Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)\r\n\r\n- Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)\r\n\r\n- Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)\r\n\r\n- Fix buffer overflow on long file sizes (#1191136)\r\n\r\n-  CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c - re-fix (see https://bugzilla.redhat.com/show_bug.cgi?id=1184985#c7)\n- Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)\r\n\r\n- Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)\r\n\r\n- Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)\r\n\r\n- Fix buffer overflow on long file sizes (#1191136)\r\n\n- Fix CVE-2014-8139 - CRC32 verification heap-based buffer overread (#1174844)\r\n\r\n- Fix CVE-2014-8140 - out-of-bounds write issue in test_compr_eb() (#1174851)\r\n\r\n- Fix CVE-2014-8141 - getZip64Data() out-of-bounds read issues (#1174856)\r\n\r\n- Fix buffer overflow on long file sizes (#1191136)\r\n", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": true, "critpath_groups": null, "close_bugs": true, "date_submitted": "2015-02-11 16:15:07", "date_modified": null, "date_approved": null, "date_testing": "2015-02-15 03:22:16", "date_stable": "2015-02-16 03:25:51", "alias": "FEDORA-2015-2035", "test_gating_status": null, "from_tag": null, "date_pushed": "2015-02-16 03:25:51", "meets_testing_requirements": false, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2015-2035", "title": "unzip-6.0-20.fc21", "version_hash": "b15502bd00a71c1be1a90e189d48e8a4c52f1302", "release": {"name": "F21", "long_name": "Fedora 21", "version": "21", "id_prefix": "FEDORA", "branch": "f21", "dist_tag": "f21", "stable_tag": "f21-updates", "testing_tag": "f21-updates-testing", "candidate_tag": "f21-updates-candidate", "pending_signing_tag": "", "pending_testing_tag": "f21-updates-testing-pending", "pending_stable_tag": "f21-updates-pending", "override_tag": "f21-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "pstodulk", "email": "pstodulk@redhat.com", "id": 890, "avatar": "https://seccdn.libravatar.org/avatar/79b5c3f14716ad77643e3da54f4ebb9e75c4b9a01aadad280491186d73da3943?s=24&d=retro", "openid": "pstodulk.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "git-maint"}, {"name": "oamg"}, {"name": "leapp"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by pstodulk. ", "timestamp": "2015-02-11 16:15:18", "update_id": 4026, "user_id": 91, "id": 28411, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "work fine for me :)", "timestamp": "2015-02-12 11:10:12", "update_id": 4026, "user_id": 348, "id": 28412, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "empateinfinito", "email": null, "id": 348, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "empateinfinito.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Critical path update approved", "timestamp": "2015-02-12 11:10:16", "update_id": 4026, "user_id": 91, "id": 28413, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Taskotron: depcheck test PASSED on i386. Result log:\nhttps://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/36737/steps/runtask/logs/stdio\n(results are informative only)", "timestamp": "2015-02-12 17:49:17", "update_id": 4026, "user_id": 100, "id": 28414, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "taskotron", "email": "taskotron@fedoraproject.org", "id": 100, "avatar": "https://seccdn.libravatar.org/avatar/8cba34b3793397cca75782c70d6a4c3af6fc4c8e7d502fad36609e3b4b4670f9?s=24&d=retro", "openid": "taskotron.id.stg.fedoraproject.org", "groups": [{"name": ""}]}}, {"karma": 0, "karma_critpath": 0, "text": "Taskotron: depcheck test PASSED on x86_64. Result log:\nhttps://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/36746/steps/runtask/logs/stdio\n(results are informative only)", "timestamp": "2015-02-12 17:56:12", "update_id": 4026, "user_id": 100, "id": 28415, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "taskotron", "email": "taskotron@fedoraproject.org", "id": 100, "avatar": "https://seccdn.libravatar.org/avatar/8cba34b3793397cca75782c70d6a4c3af6fc4c8e7d502fad36609e3b4b4670f9?s=24&d=retro", "openid": "taskotron.id.stg.fedoraproject.org", "groups": [{"name": ""}]}}, {"karma": 0, "karma_critpath": 0, "text": "Taskotron: depcheck test PASSED on x86_64. Result log:\nhttps://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/36737/steps/runtask/logs/stdio\n(results are informative only)", "timestamp": "2015-02-12 17:56:15", "update_id": 4026, "user_id": 100, "id": 28416, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "taskotron", "email": "taskotron@fedoraproject.org", "id": 100, "avatar": "https://seccdn.libravatar.org/avatar/8cba34b3793397cca75782c70d6a4c3af6fc4c8e7d502fad36609e3b4b4670f9?s=24&d=retro", "openid": "taskotron.id.stg.fedoraproject.org", "groups": [{"name": ""}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update is currently being pushed to the Fedora 21 testing updates repository.", "timestamp": "2015-02-14 03:19:41", "update_id": 4026, "user_id": 91, "id": 28417, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update is currently being pushed to the Fedora 21 testing updates repository.", "timestamp": "2015-02-14 03:30:55", "update_id": 4026, "user_id": 91, "id": 28418, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing", "timestamp": "2015-02-15 03:22:16", "update_id": 4026, "user_id": 91, "id": 28419, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "works fine for me", "timestamp": "2015-02-15 15:01:19", "update_id": 4026, "user_id": 311, "id": 28420, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "flo", "email": "dev@der-flo.net", "id": 311, "avatar": "https://seccdn.libravatar.org/avatar/4b8991775229a7c27881d7038768f146db11d09d1cd0f07d78fd882a276936c8?s=24&d=retro", "openid": "flo.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}, {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2015-02-15 15:09:51", "update_id": 4026, "user_id": 750, "id": 28421, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "yograterol", "email": null, "id": 750, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "yograterol.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached the stable karma threshold and will be pushed to the stable updates repository", "timestamp": "2015-02-15 15:09:55", "update_id": 4026, "user_id": 91, "id": 28422, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Taskotron: upgradepath test PASSED on noarch. Result log:\nhttps://taskotron.fedoraproject.org/taskmaster//builders/x86_64/builds/37517/steps/runtask/logs/stdio\n(results are informative only)", "timestamp": "2015-02-15 15:18:29", "update_id": 4026, "user_id": 100, "id": 28423, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "taskotron", "email": "taskotron@fedoraproject.org", "id": 100, "avatar": "https://seccdn.libravatar.org/avatar/8cba34b3793397cca75782c70d6a4c3af6fc4c8e7d502fad36609e3b4b4670f9?s=24&d=retro", "openid": "taskotron.id.stg.fedoraproject.org", "groups": [{"name": ""}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update is currently being pushed to the Fedora 21 stable updates repository.", "timestamp": "2015-02-15 17:22:19", "update_id": 4026, "user_id": 91, "id": 28424, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable", "timestamp": "2015-02-16 03:25:51", "update_id": 4026, "user_id": 91, "id": 28425, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "unzip-6.0-20.fc21", "signed": true, "release_id": null, "type": "rpm", "epoch": null}], "bugs": [{"bug_id": 1174844, "title": "CVE-2014-8139 unzip: CRC32 verification heap-based buffer overread (oCERT-2014-011)", "security": true, "parent": true, "feedback": []}, {"bug_id": 1174851, "title": "CVE-2014-8140 unzip: out-of-bounds write issue in test_compr_eb() (oCERT-2014-011)", "security": true, "parent": true, "feedback": []}, {"bug_id": 1174856, "title": "CVE-2014-8141 unzip: getZip64Data() out-of-bounds read issues (oCERT-2014-011)", "security": true, "parent": true, "feedback": []}, {"bug_id": 1184985, "title": "CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c", "security": true, "parent": true, "feedback": []}, {"bug_id": 1184986, "title": "CVE-2014-9636 unzip: out-of-bounds read/write in test_compr_eb() in extract.c [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1191118, "title": "CVE-2014-8139 CVE-2014-8141 CVE-2014-8140 unzip: various flaws [fedora-all]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1191136, "title": "unzip: buffer overflows on long compression factors and methods", "security": false, "parent": false, "feedback": []}], "updateid": "FEDORA-2015-2035", "karma": 3, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}