{"update": {"autokarma": true, "autotime": false, "stable_karma": 1, "stable_days": 0, "unstable_karma": -3, "require_bugs": false, "require_testcases": false, "display_name": "", "notes": "Update to 5.2.24: fixes XSS vulnerability CVE-2017-11503.", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2017-07-27 12:21:42", "date_modified": null, "date_approved": null, "date_testing": "2017-07-27 21:56:50", "date_stable": "2017-08-04 13:51:16", "alias": "FEDORA-2017-ab55648aa7", "test_gating_status": null, "from_tag": null, "date_pushed": "2017-08-04 13:51:16", "meets_testing_requirements": false, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2017-ab55648aa7", "title": "php-PHPMailer-5.2.24-1.fc26", "version_hash": "fbde31bac200d93457e9b1f376e06c8f0faac230", "release": {"name": "F26", "long_name": "Fedora 26", "version": "26", "id_prefix": "FEDORA", "branch": "f26", "dist_tag": "f26", "stable_tag": "f26-updates", "testing_tag": "f26-updates-testing", "candidate_tag": "f26-updates-candidate", "pending_signing_tag": "f26-signing-pending", "pending_testing_tag": "f26-updates-testing-pending", "pending_stable_tag": "f26-updates-pending", "override_tag": "f26-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "monnerat", "email": "patrick@monnerat.net", "id": 1154, "avatar": "https://seccdn.libravatar.org/avatar/84108d4c3cb2ee3294a7fe13790a72539be917f80a6a324425a9f12a8c6ea996?s=24&d=retro", "openid": "monnerat.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by monnerat. ", "timestamp": "2017-07-27 12:21:42", "update_id": 93189, "user_id": 91, "id": 640256, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2017-07-28 01:53:44", "update_id": 93189, "user_id": 91, "id": 640553, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2017-08-04 00:01:23", "update_id": 93189, "user_id": 91, "id": 643379, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by monnerat. ", "timestamp": "2017-08-04 07:30:57", "update_id": 93189, "user_id": 91, "id": 643469, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2017-08-04 16:53:34", "update_id": 93189, "user_id": 91, "id": 643606, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "php-PHPMailer-5.2.24-1.fc26", "signed": true, "release_id": 16, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1474418, "title": "CVE-2017-11503 php-PHPMailer: phpmailer: XSS in code_generator.php [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 640285, "bug_id": 1474418, "comment": {"karma": 0, "karma_critpath": 0, "text": "Thanks for the patch! Since You seem to be in the know: the release notes state 'There was also an undisclosed potential XSS vulnerability in the default exception handler (unused by default)'...does this mean the default exception handler is not used by default? Is 'default exception handler' just a name here?", "timestamp": "2017-07-27 14:24:10", "update_id": 93191, "user_id": 207, "id": 640285, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.stg.fedoraproject.org", "groups": []}}}, {"karma": 0, "comment_id": 640286, "bug_id": 1474418, "comment": {"karma": 0, "karma_critpath": 0, "text": "As I am only the packager for Fedora, please contact upstream for security-related questions.\n... and please login and leave karma here if you are happy with the release. Thank you!", "timestamp": "2017-07-27 14:30:44", "update_id": 93191, "user_id": 1154, "id": 640286, "testcase_feedback": [], "user": {"name": "monnerat", "email": "patrick@monnerat.net", "id": 1154, "avatar": "https://seccdn.libravatar.org/avatar/84108d4c3cb2ee3294a7fe13790a72539be917f80a6a324425a9f12a8c6ea996?s=24&d=retro", "openid": "monnerat.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 640291, "bug_id": 1474418, "comment": {"karma": 0, "karma_critpath": 0, "text": "\"Thanks for the patch!\" was referring to the patch for both XSS issues someone with a name similar to Yours submitted to PHPMailer, sorry for the confusion. Can't really test Fedora environments. The question was meant to be a more general one and I chose the wrong means of communication. Cheers!", "timestamp": "2017-07-27 14:50:59", "update_id": 93191, "user_id": 207, "id": 640291, "testcase_feedback": [], "user": {"name": "anonymous", "email": null, "id": 207, "avatar": "https://seccdn.libravatar.org/avatar/37a8eec1ce19687d132fe29051dca629d164e2c4958ba141d5f4133a33f0688f?s=24&d=retro", "openid": "anonymous.id.stg.fedoraproject.org", "groups": []}}}, {"karma": 1, "comment_id": 640609, "bug_id": 1474418, "comment": {"karma": 1, "karma_critpath": 0, "text": "Thank for patch. ", "timestamp": "2017-07-28 06:41:10", "update_id": 93191, "user_id": 3716, "id": 640609, "testcase_feedback": [], "user": {"name": "robbinespu", "email": "robbinespu@gmail.com", "id": 3716, "avatar": "https://seccdn.libravatar.org/avatar/258ee83644c338ff784dc1a06130c8c9bcef5629c743a1c71eaab418026b80ba?s=24&d=retro", "openid": "robbinespu.id.stg.fedoraproject.org", "groups": []}}}, {"karma": 1, "comment_id": 641993, "bug_id": 1474418, "comment": {"karma": 1, "karma_critpath": 0, "text": "LGTM", "timestamp": "2017-08-01 02:52:18", "update_id": 93190, "user_id": 3716, "id": 641993, "testcase_feedback": [], "user": {"name": "robbinespu", "email": "robbinespu@gmail.com", "id": 3716, "avatar": "https://seccdn.libravatar.org/avatar/258ee83644c338ff784dc1a06130c8c9bcef5629c743a1c71eaab418026b80ba?s=24&d=retro", "openid": "robbinespu.id.stg.fedoraproject.org", "groups": []}}}]}], "updateid": "FEDORA-2017-ab55648aa7", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}