{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "- CVE-2017-1000083: Evince command injection vulnerability in CBT handler (#1468488)", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2017-07-13 12:30:39", "date_modified": null, "date_approved": null, "date_testing": "2017-07-13 19:21:34", "date_stable": "2017-08-03 13:40:32", "alias": "FEDORA-2017-06c1422db8", "test_gating_status": null, "from_tag": null, "date_pushed": "2017-08-03 13:40:32", "meets_testing_requirements": false, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2017-06c1422db8", "title": "evince-3.20.1-3.fc24", "version_hash": "5e038e6005b59fa1ed13b892d1a8149bfd913f30", "release": {"name": "F24", "long_name": "Fedora 24", "version": "24", "id_prefix": "FEDORA", "branch": "f24", "dist_tag": "f24", "stable_tag": "f24-updates", "testing_tag": "f24-updates-testing", "candidate_tag": "f24-updates-candidate", "pending_signing_tag": "f24-signing-pending", "pending_testing_tag": "f24-updates-testing-pending", "pending_stable_tag": "f24-updates-pending", "override_tag": "f24-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "hadess", "email": "bnocera@redhat.com", "id": 983, "avatar": "https://seccdn.libravatar.org/avatar/a2ca62422c0d280286261094e5bb98c14b69ef28df72212f79f351d43f5b860c?s=24&d=retro", "openid": "hadess.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "gitspin-kickstarts"}, {"name": "cla_redhat"}, {"name": "trust admins"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by hadess. ", "timestamp": "2017-07-13 12:30:39", "update_id": 92251, "user_id": 91, "id": 634567, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2017-07-13 21:22:05", "update_id": 92251, "user_id": 91, "id": 634761, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "works fine for me in a VM", "timestamp": "2017-07-14 06:22:51", "update_id": 92251, "user_id": 739, "id": 634923, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "cserpentis", "email": "cserpentis@gmail.com", "id": 739, "avatar": "https://seccdn.libravatar.org/avatar/a3febfef42f58ed535f3c3a3cf9743653cd774dbb6e4554e2ce7c847d9802b6c?s=24&d=retro", "openid": "cserpentis.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}, {"karma": 1, "karma_critpath": 0, "text": "no regressions noted", "timestamp": "2017-07-16 16:41:04", "update_id": 92251, "user_id": 124, "id": 635757, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "filiperosset", "email": "rosset.filipe@gmail.com", "id": 124, "avatar": "https://seccdn.libravatar.org/avatar/f4394b8fb4c9a99c4b534dc724912fe75a5b87fe15048985ece8388c2441d0ca?s=24&d=retro", "openid": "filiperosset.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "fedora-br"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2017-07-21 00:01:07", "update_id": 92251, "user_id": 91, "id": 637752, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "LGTM", "timestamp": "2017-08-03 03:06:21", "update_id": 92251, "user_id": 3716, "id": 643052, "bug_feedback": [{"karma": 1, "comment_id": 643052, "bug_id": 1468488, "bug": {"bug_id": 1468488, "title": "CVE-2017-1000083 evince: command injection via filename in tar-compressed comics archive", "security": true, "parent": true}}], "testcase_feedback": [{"karma": 1, "comment_id": 643052, "testcase_id": 176, "testcase": {"name": "QA:Testcase evince file display", "id": 176}}], "user": {"name": "robbinespu", "email": "robbinespu@gmail.com", "id": 3716, "avatar": "https://seccdn.libravatar.org/avatar/258ee83644c338ff784dc1a06130c8c9bcef5629c743a1c71eaab418026b80ba?s=24&d=retro", "openid": "robbinespu.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2017-08-03 03:06:23", "update_id": 92251, "user_id": 91, "id": 643053, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "LGTM", "timestamp": "2017-08-03 03:07:08", "update_id": 92251, "user_id": 3716, "id": 643055, "bug_feedback": [{"karma": 0, "comment_id": 643055, "bug_id": 1468488, "bug": {"bug_id": 1468488, "title": "CVE-2017-1000083 evince: command injection via filename in tar-compressed comics archive", "security": true, "parent": true}}], "testcase_feedback": [{"karma": 1, "comment_id": 643055, "testcase_id": 176, "testcase": {"name": "QA:Testcase evince file display", "id": 176}}], "user": {"name": "robbinespu", "email": "robbinespu@gmail.com", "id": 3716, "avatar": "https://seccdn.libravatar.org/avatar/258ee83644c338ff784dc1a06130c8c9bcef5629c743a1c71eaab418026b80ba?s=24&d=retro", "openid": "robbinespu.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2017-08-03 18:48:48", "update_id": 92251, "user_id": 91, "id": 643276, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "evince-3.20.1-3.fc24", "signed": true, "release_id": 14, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1468488, "title": "CVE-2017-1000083 evince: command injection via filename in tar-compressed comics archive", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 634800, "bug_id": 1468488, "comment": {"karma": 1, "karma_critpath": 0, "text": "No regressions noted.", "timestamp": "2017-07-13 22:31:14", "update_id": 92250, "user_id": 194, "id": 634800, "testcase_feedback": [{"karma": 1, "comment_id": 634800, "testcase_id": 176, "testcase": {"name": "QA:Testcase evince file display", "id": 176}}], "user": {"name": "dhgutteridge", "email": "dhgutteridge@hotmail.com", "id": 194, "avatar": "https://seccdn.libravatar.org/avatar/95e7a46aa03707373935111628c2b387339f570b9175d20455a53fd00acafbcb?s=24&d=retro", "openid": "dhgutteridge.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": 0, "comment_id": 634922, "bug_id": 1468488, "comment": {"karma": 1, "karma_critpath": 0, "text": "works", "timestamp": "2017-07-14 06:17:58", "update_id": 92252, "user_id": 307, "id": 634922, "testcase_feedback": [{"karma": 0, "comment_id": 634922, "testcase_id": 176, "testcase": {"name": "QA:Testcase evince file display", "id": 176}}], "user": {"name": "lnie", "email": "lnie@redhat.com", "id": 307, "avatar": "https://seccdn.libravatar.org/avatar/acbe3c6c54b2d720727e6819b615121b75b25d6bfc69f245d4dcf4921bf32ec7?s=24&d=retro", "openid": "lnie.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "trust admins"}]}}}, {"karma": 1, "comment_id": 643052, "bug_id": 1468488, "comment": {"karma": 1, "karma_critpath": 0, "text": "LGTM", "timestamp": "2017-08-03 03:06:21", "update_id": 92251, "user_id": 3716, "id": 643052, "testcase_feedback": [{"karma": 1, "comment_id": 643052, "testcase_id": 176, "testcase": {"name": "QA:Testcase evince file display", "id": 176}}], "user": {"name": "robbinespu", "email": "robbinespu@gmail.com", "id": 3716, "avatar": "https://seccdn.libravatar.org/avatar/258ee83644c338ff784dc1a06130c8c9bcef5629c743a1c71eaab418026b80ba?s=24&d=retro", "openid": "robbinespu.id.stg.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 643055, "bug_id": 1468488, "comment": {"karma": 1, "karma_critpath": 0, "text": "LGTM", "timestamp": "2017-08-03 03:07:08", "update_id": 92251, "user_id": 3716, "id": 643055, "testcase_feedback": [{"karma": 1, "comment_id": 643055, "testcase_id": 176, "testcase": {"name": "QA:Testcase evince file display", "id": 176}}], "user": {"name": "robbinespu", "email": "robbinespu@gmail.com", "id": 3716, "avatar": "https://seccdn.libravatar.org/avatar/258ee83644c338ff784dc1a06130c8c9bcef5629c743a1c71eaab418026b80ba?s=24&d=retro", "openid": "robbinespu.id.stg.fedoraproject.org", "groups": []}}}]}], "updateid": "FEDORA-2017-06c1422db8", "karma": 3, "content_type": "rpm", "test_cases": [{"name": "QA:Testcase evince file display", "id": 176}]}, "can_edit": false, "ci_allowed": false}