{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "qemu-kvm: Directory traversal flaw in 9p virtio backend [CVE-2016-7116]\nqemu: hw: net: Heap overflow in xlnx.xps-ethernetlite [CVE-2016-7161]\nCR0.TS and CR0.EM not always honored for x86 HVM guest [XSA-190, CVE-2016-7777]\n\n----\n\nupdate to 4.5.5", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2016-10-04 21:45:07", "date_modified": null, "date_approved": null, "date_testing": "2016-10-05 08:54:54", "date_stable": "2016-10-13 17:12:25", "alias": "FEDORA-2016-689f240960", "test_gating_status": null, "from_tag": null, "date_pushed": "2016-10-13 17:12:25", "meets_testing_requirements": false, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2016-689f240960", "title": "xen-4.5.5-2.fc23", "version_hash": "3a66d27b9121f9480fe92ab3f69532326bca584a", "release": {"name": "F23", "long_name": "Fedora 23", "version": "23", "id_prefix": "FEDORA", "branch": "f23", "dist_tag": "f23", "stable_tag": "f23-updates", "testing_tag": "f23-updates-testing", "candidate_tag": "f23-updates-candidate", "pending_signing_tag": "f23-signing-pending", "pending_testing_tag": "f23-updates-testing-pending", "pending_stable_tag": "f23-updates-pending", "override_tag": "f23-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "myoung", "email": "m.a.young@durham.ac.uk", "id": 129, "avatar": "https://seccdn.libravatar.org/avatar/cafef3050bdaacd4f890e9dfb2c45ae779cd95d6f836095f281368927146a63a?s=24&d=retro", "openid": "myoung.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by myoung. ", "timestamp": "2016-10-04 21:45:07", "update_id": 69607, "user_id": 91, "id": 500734, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has obsoleted [xen-4.5.5-1.fc23](https://bodhi.fedoraproject.org/updates/FEDORA-2016-58042b73f9), and has inherited its bugs and notes.", "timestamp": "2016-10-04 21:45:13", "update_id": 69607, "user_id": 91, "id": 500736, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2016-10-05 10:22:50", "update_id": 69607, "user_id": 91, "id": 501087, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "", "timestamp": "2016-10-05 14:37:49", "update_id": 69607, "user_id": 697, "id": 501320, "bug_feedback": [{"karma": 0, "comment_id": 501320, "bug_id": 1371400, "bug": {"bug_id": 1371400, "title": "CVE-2016-7116 xen: qemu-kvm: Directory traversal flaw in 9p virtio backend [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 501320, "bug_id": 1379299, "bug": {"bug_id": 1379299, "title": "CVE-2016-7161 xen: qemu: hw: net: Heap overflow in xlnx.xps-ethernetlite [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 501320, "bug_id": 1381576, "bug": {"bug_id": 1381576, "title": "CVE-2016-7777 xsa190 xen: CR0.TS and CR0.EM not always honored for x86 HVM guests (XSA-190) [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 501320, "bug_id": 1346349, "bug": {"bug_id": 1346349, "title": "CVE-2016-7116 Qemu: 9p: directory traversal flaw in 9p virtio backend", "security": true, "parent": true}}, {"karma": 0, "comment_id": 501320, "bug_id": 1379297, "bug": {"bug_id": 1379297, "title": "CVE-2016-7161 qemu: hw: net: Heap overflow in xlnx.xps-ethernetlite", "security": true, "parent": true}}, {"karma": 0, "comment_id": 501320, "bug_id": 1377789, "bug": {"bug_id": 1377789, "title": "CVE-2016-7777 xsa190 xen: CR0.TS and CR0.EM not always honored for x86 HVM guests (XSA-190)", "security": true, "parent": true}}], "testcase_feedback": [], "user": {"name": "zvetlik", "email": "zsvetlik@redhat.com", "id": 697, "avatar": "https://seccdn.libravatar.org/avatar/f07ed417023fdfed1428791eeb6ed133e77e7c69462cb1b79758238da9e36d70?s=24&d=retro", "openid": "zvetlik.id.stg.fedoraproject.org", "groups": [{"name": "nodejs-sig"}, {"name": "packager"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2016-10-12 12:00:26", "update_id": 69607, "user_id": 91, "id": 506050, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by myoung. ", "timestamp": "2016-10-12 19:20:29", "update_id": 69607, "user_id": 91, "id": 506290, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2016-10-14 01:20:56", "update_id": 69607, "user_id": 91, "id": 506952, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "xen-4.5.5-2.fc23", "signed": true, "release_id": 11, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1346349, "title": "CVE-2016-7116 Qemu: 9p: directory traversal flaw in 9p virtio backend", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 501320, "bug_id": 1346349, "comment": {"karma": 0, "karma_critpath": 0, "text": "", "timestamp": "2016-10-05 14:37:49", "update_id": 69607, "user_id": 697, "id": 501320, "testcase_feedback": [], "user": {"name": "zvetlik", "email": "zsvetlik@redhat.com", "id": 697, "avatar": "https://seccdn.libravatar.org/avatar/f07ed417023fdfed1428791eeb6ed133e77e7c69462cb1b79758238da9e36d70?s=24&d=retro", "openid": "zvetlik.id.stg.fedoraproject.org", "groups": [{"name": "nodejs-sig"}, {"name": "packager"}]}}}, {"karma": 0, "comment_id": 506710, "bug_id": 1346349, "comment": {"karma": 1, "karma_critpath": 0, "text": "wfm :)", "timestamp": "2016-10-13 09:17:49", "update_id": 69604, "user_id": 440, "id": 506710, "testcase_feedback": [], "user": {"name": "fale", "email": "me@fale.io", "id": 440, "avatar": "https://seccdn.libravatar.org/avatar/e3eac0d38d6162513a21a31c7d1651cb4f7372f14a99e0005d4dac348c9eff39?s=24&d=retro", "openid": "fale.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fesco"}, {"name": "go-sig"}, {"name": "marketing"}, {"name": "fol-staff"}, {"name": "sway-sig"}]}}}]}, {"bug_id": 1371400, "title": "CVE-2016-7116 xen: qemu-kvm: Directory traversal flaw in 9p virtio backend [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 501320, "bug_id": 1371400, "comment": {"karma": 0, "karma_critpath": 0, "text": "", "timestamp": "2016-10-05 14:37:49", "update_id": 69607, "user_id": 697, "id": 501320, "testcase_feedback": [], "user": {"name": "zvetlik", "email": "zsvetlik@redhat.com", "id": 697, "avatar": "https://seccdn.libravatar.org/avatar/f07ed417023fdfed1428791eeb6ed133e77e7c69462cb1b79758238da9e36d70?s=24&d=retro", "openid": "zvetlik.id.stg.fedoraproject.org", "groups": [{"name": "nodejs-sig"}, {"name": "packager"}]}}}, {"karma": 0, "comment_id": 506710, "bug_id": 1371400, "comment": {"karma": 1, "karma_critpath": 0, "text": "wfm :)", "timestamp": "2016-10-13 09:17:49", "update_id": 69604, "user_id": 440, "id": 506710, "testcase_feedback": [], "user": {"name": "fale", "email": "me@fale.io", "id": 440, "avatar": "https://seccdn.libravatar.org/avatar/e3eac0d38d6162513a21a31c7d1651cb4f7372f14a99e0005d4dac348c9eff39?s=24&d=retro", "openid": "fale.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fesco"}, {"name": "go-sig"}, {"name": "marketing"}, {"name": "fol-staff"}, {"name": "sway-sig"}]}}}]}, {"bug_id": 1377789, "title": "CVE-2016-7777 xsa190 xen: CR0.TS and CR0.EM not always honored for x86 HVM guests (XSA-190)", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 501320, "bug_id": 1377789, "comment": {"karma": 0, "karma_critpath": 0, "text": "", "timestamp": "2016-10-05 14:37:49", "update_id": 69607, "user_id": 697, "id": 501320, "testcase_feedback": [], "user": {"name": "zvetlik", "email": "zsvetlik@redhat.com", "id": 697, "avatar": "https://seccdn.libravatar.org/avatar/f07ed417023fdfed1428791eeb6ed133e77e7c69462cb1b79758238da9e36d70?s=24&d=retro", "openid": "zvetlik.id.stg.fedoraproject.org", "groups": [{"name": "nodejs-sig"}, {"name": "packager"}]}}}, {"karma": 0, "comment_id": 506710, "bug_id": 1377789, "comment": {"karma": 1, "karma_critpath": 0, "text": "wfm :)", "timestamp": "2016-10-13 09:17:49", "update_id": 69604, "user_id": 440, "id": 506710, "testcase_feedback": [], "user": {"name": "fale", "email": "me@fale.io", "id": 440, "avatar": "https://seccdn.libravatar.org/avatar/e3eac0d38d6162513a21a31c7d1651cb4f7372f14a99e0005d4dac348c9eff39?s=24&d=retro", "openid": "fale.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fesco"}, {"name": "go-sig"}, {"name": "marketing"}, {"name": "fol-staff"}, {"name": "sway-sig"}]}}}]}, {"bug_id": 1379297, "title": "CVE-2016-7161 qemu: hw: net: Heap overflow in xlnx.xps-ethernetlite", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 508194, "bug_id": 1379297, "comment": {"karma": 1, "karma_critpath": 0, "text": "No regressions noted. (Includes use of various USB and vmware_vga.)", "timestamp": "2016-10-16 22:00:32", "update_id": 70593, "user_id": 194, "id": 508194, "testcase_feedback": [], "user": {"name": "dhgutteridge", "email": "dhgutteridge@hotmail.com", "id": 194, "avatar": "https://seccdn.libravatar.org/avatar/95e7a46aa03707373935111628c2b387339f570b9175d20455a53fd00acafbcb?s=24&d=retro", "openid": "dhgutteridge.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 508251, "bug_id": 1379297, "comment": {"karma": 0, "karma_critpath": 0, "text": "\n\nOn trying to install using dnf, I got:\n\nError: package qemu-user-static-2:2.6.2-2.fc24.x86_64 conflicts with qemu-user-binfmt provided by qemu-user-binfmt-2:2.6.2-2.fc24.x86_64\n\nBoth these were download by bodhi!!!!", "timestamp": "2016-10-17 03:14:40", "update_id": 70593, "user_id": 3140, "id": 508251, "testcase_feedback": [], "user": {"name": "nivag", "email": "gavinflower@archidevsys.co.nz", "id": 3140, "avatar": "https://seccdn.libravatar.org/avatar/3b2cadf03ed7eee77776f33fd54d79c59d4d52a1ff91562d2b334680c274347b?s=24&d=retro", "openid": "nivag.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 501320, "bug_id": 1379297, "comment": {"karma": 0, "karma_critpath": 0, "text": "", "timestamp": "2016-10-05 14:37:49", "update_id": 69607, "user_id": 697, "id": 501320, "testcase_feedback": [], "user": {"name": "zvetlik", "email": "zsvetlik@redhat.com", "id": 697, "avatar": "https://seccdn.libravatar.org/avatar/f07ed417023fdfed1428791eeb6ed133e77e7c69462cb1b79758238da9e36d70?s=24&d=retro", "openid": "zvetlik.id.stg.fedoraproject.org", "groups": [{"name": "nodejs-sig"}, {"name": "packager"}]}}}, {"karma": 0, "comment_id": 506710, "bug_id": 1379297, "comment": {"karma": 1, "karma_critpath": 0, "text": "wfm :)", "timestamp": "2016-10-13 09:17:49", "update_id": 69604, "user_id": 440, "id": 506710, "testcase_feedback": [], "user": {"name": "fale", "email": "me@fale.io", "id": 440, "avatar": "https://seccdn.libravatar.org/avatar/e3eac0d38d6162513a21a31c7d1651cb4f7372f14a99e0005d4dac348c9eff39?s=24&d=retro", "openid": "fale.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fesco"}, {"name": "go-sig"}, {"name": "marketing"}, {"name": "fol-staff"}, {"name": "sway-sig"}]}}}]}, {"bug_id": 1379299, "title": "CVE-2016-7161 xen: qemu: hw: net: Heap overflow in xlnx.xps-ethernetlite [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 501320, "bug_id": 1379299, "comment": {"karma": 0, "karma_critpath": 0, "text": "", "timestamp": "2016-10-05 14:37:49", "update_id": 69607, "user_id": 697, "id": 501320, "testcase_feedback": [], "user": {"name": "zvetlik", "email": "zsvetlik@redhat.com", "id": 697, "avatar": "https://seccdn.libravatar.org/avatar/f07ed417023fdfed1428791eeb6ed133e77e7c69462cb1b79758238da9e36d70?s=24&d=retro", "openid": "zvetlik.id.stg.fedoraproject.org", "groups": [{"name": "nodejs-sig"}, {"name": "packager"}]}}}, {"karma": 0, "comment_id": 506710, "bug_id": 1379299, "comment": {"karma": 1, "karma_critpath": 0, "text": "wfm :)", "timestamp": "2016-10-13 09:17:49", "update_id": 69604, "user_id": 440, "id": 506710, "testcase_feedback": [], "user": {"name": "fale", "email": "me@fale.io", "id": 440, "avatar": "https://seccdn.libravatar.org/avatar/e3eac0d38d6162513a21a31c7d1651cb4f7372f14a99e0005d4dac348c9eff39?s=24&d=retro", "openid": "fale.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fesco"}, {"name": "go-sig"}, {"name": "marketing"}, {"name": "fol-staff"}, {"name": "sway-sig"}]}}}]}, {"bug_id": 1381576, "title": "CVE-2016-7777 xsa190 xen: CR0.TS and CR0.EM not always honored for x86 HVM guests (XSA-190) [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 501320, "bug_id": 1381576, "comment": {"karma": 0, "karma_critpath": 0, "text": "", "timestamp": "2016-10-05 14:37:49", "update_id": 69607, "user_id": 697, "id": 501320, "testcase_feedback": [], "user": {"name": "zvetlik", "email": "zsvetlik@redhat.com", "id": 697, "avatar": "https://seccdn.libravatar.org/avatar/f07ed417023fdfed1428791eeb6ed133e77e7c69462cb1b79758238da9e36d70?s=24&d=retro", "openid": "zvetlik.id.stg.fedoraproject.org", "groups": [{"name": "nodejs-sig"}, {"name": "packager"}]}}}, {"karma": 0, "comment_id": 506710, "bug_id": 1381576, "comment": {"karma": 1, "karma_critpath": 0, "text": "wfm :)", "timestamp": "2016-10-13 09:17:49", "update_id": 69604, "user_id": 440, "id": 506710, "testcase_feedback": [], "user": {"name": "fale", "email": "me@fale.io", "id": 440, "avatar": "https://seccdn.libravatar.org/avatar/e3eac0d38d6162513a21a31c7d1651cb4f7372f14a99e0005d4dac348c9eff39?s=24&d=retro", "openid": "fale.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fesco"}, {"name": "go-sig"}, {"name": "marketing"}, {"name": "fol-staff"}, {"name": "sway-sig"}]}}}]}], "updateid": "FEDORA-2016-689f240960", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}