{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Security fix for CVE-2021-3602\n\n", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2021-07-16 19:08:51", "date_modified": "2021-07-23 14:13:45", "date_approved": null, "date_testing": "2021-07-24 01:24:46", "date_stable": "2021-08-02 01:06:02", "alias": "FEDORA-2021-112557d2c5", "test_gating_status": "passed", "from_tag": null, "date_pushed": "2021-08-02 01:06:02", "meets_testing_requirements": true, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2021-112557d2c5", "title": "buildah-1.21.4-4.fc33", "version_hash": "7c9b26d8f4e681aa494fc85ee0a9de8480573f34", "release": {"name": "F33", "long_name": "Fedora 33", "version": "33", "id_prefix": "FEDORA", "branch": "f33", "dist_tag": "f33", "stable_tag": "f33-updates", "testing_tag": "f33-updates-testing", "candidate_tag": "f33-updates-candidate", "pending_signing_tag": "f33-signing-pending", "pending_testing_tag": "f33-updates-testing-pending", "pending_stable_tag": "f33-updates-pending", "override_tag": "f33-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "lsm5", "email": "lsm5@redhat.com", "id": 228, "avatar": "https://seccdn.libravatar.org/avatar/05bd0d0810e225c716eba3290a5596c557d1ea3e4e2b0cf0de8e62a925927b5c?s=24&d=retro", "openid": "lsm5.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "container-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by lsm5. ", "timestamp": "2021-07-16 19:08:51", "update_id": 323439, "user_id": 91, "id": 2119948, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'failed'.", "timestamp": "2021-07-16 19:08:52", "update_id": 323439, "user_id": 91, "id": 2119949, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2021-07-16 19:08:52", "update_id": 323439, "user_id": 91, "id": 2119950, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "lsm5 edited this update.", "timestamp": "2021-07-16 19:09:23", "update_id": 323439, "user_id": 91, "id": 2119951, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'failed'.", "timestamp": "2021-07-16 19:09:23", "update_id": 323439, "user_id": 91, "id": 2119952, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "lsm5 edited this update.", "timestamp": "2021-07-16 19:09:51", "update_id": 323439, "user_id": 91, "id": 2119953, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2021-07-17 01:12:15", "update_id": 323439, "user_id": 91, "id": 2120291, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "lsm5 edited this update.\n\nNew build(s):\n\n- buildah-1.21.4-4.fc33\n\nRemoved build(s):\n\n- buildah-1.21.3-1.fc33\n\nKarma has been reset.", "timestamp": "2021-07-23 14:13:44", "update_id": 323439, "user_id": 91, "id": 2126905, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by lsm5. ", "timestamp": "2021-07-23 14:13:44", "update_id": 323439, "user_id": 91, "id": 2126906, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "@santiago already blessed this build yesterday on chat. Setting karma to +3 only.", "timestamp": "2021-07-23 14:14:11", "update_id": 323439, "user_id": 228, "id": 2126907, "bug_feedback": [{"karma": 0, "comment_id": 2126907, "bug_id": 1969264, "bug": {"bug_id": 1969264, "title": "CVE-2021-3602 buildah: Host environment variables leaked in build container when using chroot isolation", "security": true, "parent": true}}, {"karma": 0, "comment_id": 2126907, "bug_id": 1982880, "bug": {"bug_id": 1982880, "title": "CVE-2021-3602 buildah: Host environment variables leaked in build container when using chroot isolation [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "lsm5", "email": "lsm5@redhat.com", "id": 228, "avatar": "https://seccdn.libravatar.org/avatar/05bd0d0810e225c716eba3290a5596c557d1ea3e4e2b0cf0de8e62a925927b5c?s=24&d=retro", "openid": "lsm5.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "container-sig"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2021-07-24 01:25:11", "update_id": 323439, "user_id": 91, "id": 2127575, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'passed'.", "timestamp": "2021-07-24 01:56:14", "update_id": 323439, "user_id": 91, "id": 2127634, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2021-07-31 01:26:27", "update_id": 323439, "user_id": 91, "id": 2148529, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2021-08-02 01:06:44", "update_id": 323439, "user_id": 91, "id": 2150777, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "buildah-1.21.4-4.fc33", "signed": true, "release_id": 40, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1969264, "title": "CVE-2021-3602 buildah: Host environment variables leaked in build container when using chroot isolation", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 2126904, "bug_id": 1969264, "comment": {"karma": 0, "karma_critpath": 0, "text": "@santiago already gave us his +1 on chat yesterday, So setting karma to +3 only.", "timestamp": "2021-07-23 14:03:57", "update_id": 320638, "user_id": 228, "id": 2126904, "testcase_feedback": [], "user": {"name": "lsm5", "email": "lsm5@redhat.com", "id": 228, "avatar": "https://seccdn.libravatar.org/avatar/05bd0d0810e225c716eba3290a5596c557d1ea3e4e2b0cf0de8e62a925927b5c?s=24&d=retro", "openid": "lsm5.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "container-sig"}]}}}, {"karma": 0, "comment_id": 2126907, "bug_id": 1969264, "comment": {"karma": 0, "karma_critpath": 0, "text": "@santiago already blessed this build yesterday on chat. Setting karma to +3 only.", "timestamp": "2021-07-23 14:14:11", "update_id": 323439, "user_id": 228, "id": 2126907, "testcase_feedback": [], "user": {"name": "lsm5", "email": "lsm5@redhat.com", "id": 228, "avatar": "https://seccdn.libravatar.org/avatar/05bd0d0810e225c716eba3290a5596c557d1ea3e4e2b0cf0de8e62a925927b5c?s=24&d=retro", "openid": "lsm5.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "container-sig"}]}}}, {"karma": 0, "comment_id": 2125448, "bug_id": 1969264, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-07-22 03:32:19", "update_id": 323457, "user_id": 6535, "id": 2125448, "testcase_feedback": [], "user": {"name": "t0xic0der", "email": "akashdeep.dhar@gmail.com", "id": 6535, "avatar": "https://seccdn.libravatar.org/avatar/e412343841597e2fb1e952dd2b1077fc95537604ce04a27c5bfb94bdb0dc3da8?s=24&d=retro", "openid": "t0xic0der.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "fi-apprentice"}, {"name": "sysadmin"}, {"name": "sysadmin-openshift"}, {"name": "fedorabugs"}, {"name": "websites-apps-admin"}, {"name": "ipausers"}, {"name": "web"}, {"name": "sysadmin-web"}, {"name": "signed_fpca"}, {"name": "fedora-join"}, {"name": "websites-apps"}, {"name": "sysadmin-mote"}, {"name": "fedora-contributor"}, {"name": "sysadmin-noc"}, {"name": "websites-apps-cms"}, {"name": "council"}, {"name": "sysadmin-badges"}, {"name": "community-blog"}, {"name": "communishift-gitlabce"}, {"name": "infra-sig"}]}}}, {"karma": 0, "comment_id": 2125805, "bug_id": 1969264, "comment": {"karma": -1, "karma_critpath": 0, "text": "Has anyone tried rootless? Everything fails for me, even `podman version`:\n```\nError: failed to get new shm lock manager: failed to create 2048 locks in /libpod_rootless_lock_1001: permission denied\n```", "timestamp": "2021-07-22 16:57:45", "update_id": 323457, "user_id": 3407, "id": 2125805, "testcase_feedback": [], "user": {"name": "santiago", "email": "santiago@redhat.com", "id": 3407, "avatar": "https://seccdn.libravatar.org/avatar/ea76e06d92bea441997ae5b01983859fcee775de243c13c2efb1731b6f444328?s=24&d=retro", "openid": "santiago.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "container-sig"}, {"name": "gitrpmgrill"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 2125887, "bug_id": 1969264, "comment": {"karma": 1, "karma_critpath": 0, "text": "Previous comment (shm lock manager) was due to a broken system, with `/dev/shm` not mounted and mode 700. After a reboot, tests pass cleanly. LGTM.", "timestamp": "2021-07-22 18:30:44", "update_id": 323457, "user_id": 3407, "id": 2125887, "testcase_feedback": [], "user": {"name": "santiago", "email": "santiago@redhat.com", "id": 3407, "avatar": "https://seccdn.libravatar.org/avatar/ea76e06d92bea441997ae5b01983859fcee775de243c13c2efb1731b6f444328?s=24&d=retro", "openid": "santiago.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "container-sig"}, {"name": "gitrpmgrill"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 2126029, "bug_id": 1969264, "comment": {"karma": 1, "karma_critpath": 0, "text": "LGTM - all tests passing, including podman. Current failures in this bodhi are the RELRO flake", "timestamp": "2021-07-22 21:59:48", "update_id": 311512, "user_id": 3407, "id": 2126029, "testcase_feedback": [], "user": {"name": "santiago", "email": "santiago@redhat.com", "id": 3407, "avatar": "https://seccdn.libravatar.org/avatar/ea76e06d92bea441997ae5b01983859fcee775de243c13c2efb1731b6f444328?s=24&d=retro", "openid": "santiago.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "container-sig"}, {"name": "gitrpmgrill"}, {"name": "trust admins"}]}}}, {"karma": 1, "comment_id": 2126109, "bug_id": 1969264, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-07-22 23:04:14", "update_id": 311512, "user_id": 534, "id": 2126109, "testcase_feedback": [], "user": {"name": "ngompa", "email": "ngompa13@gmail.com", "id": 534, "avatar": "https://seccdn.libravatar.org/avatar/78eb5545c77d95a891c05cb362dfc4525c92e5398a7645c5bd23e126784d44a9?s=24&d=retro", "openid": "ngompa.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "provenpackager"}, {"name": "kde-sig"}, {"name": "communishift"}, {"name": "kaizen"}, {"name": "respins-sig"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "sig-hyperscale"}, {"name": "epel-packagers-sig"}, {"name": "fedora-contributor"}, {"name": "python-packagers-sig"}, {"name": "signed_fpca"}, {"name": "centosproject-email-aliases"}, {"name": "caddy"}, {"name": "fesco"}, {"name": "sig-extras"}, {"name": "go-sig"}, {"name": "rust-sig"}, {"name": "gitlab-centos-sig-hyperscale"}, {"name": "sig-altimages"}, {"name": "ocp-cico-hyperscale"}, {"name": "asahi-sig"}, {"name": "lxqt-sig"}, {"name": "sig-docs"}, {"name": "discourse-experiments"}, {"name": "multimedia-sig"}, {"name": "discussion-mods-asahi"}, {"name": "asahi-sig-admin"}, {"name": "cloud-sig"}, {"name": "pantheon-sig"}, {"name": "gitlab-centos-sig-altimages"}, {"name": "btrfs-sig"}, {"name": "budgie-sig"}, {"name": "miracle-sig"}, {"name": "mkdocs-sig"}, {"name": "metrics-sig"}, {"name": "cosmic-sig"}, {"name": "ocp-cico-pagure"}, {"name": "xr-sig"}]}}}, {"karma": 0, "comment_id": 2120864, "bug_id": 1969264, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-07-17 18:49:15", "update_id": 323457, "user_id": 892, "id": 2120864, "testcase_feedback": [], "user": {"name": "vtrefny", "email": "vtrefny@redhat.com", "id": 892, "avatar": "https://seccdn.libravatar.org/avatar/95ac5aea9a3286a9c62547143dc353f378557eed37f6ea8ebe9b5eacb57d32fe?s=24&d=retro", "openid": "vtrefny.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "gitanaconda"}, {"name": "storage_apis"}]}}}, {"karma": 0, "comment_id": 2126107, "bug_id": 1969264, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-07-22 23:01:41", "update_id": 311512, "user_id": 3717, "id": 2126107, "testcase_feedback": [], "user": {"name": "carlwgeorge", "email": "carl@redhat.com", "id": 3717, "avatar": "https://seccdn.libravatar.org/avatar/016a5f3568d521d40c077bd1f06aa5b9eab60232808db00b9e3488bbb7477299?s=24&d=retro", "openid": "carlwgeorge.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "python-sig"}, {"name": "infra-sig"}, {"name": "provenpackager"}, {"name": "sysadmin-web"}, {"name": "epel-packagers-sig"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "fedora-contributor"}, {"name": "caddy"}, {"name": "ipausers"}, {"name": "centos-rcm"}, {"name": "qa_users"}, {"name": "signed_fpca"}, {"name": "go-sig"}, {"name": "centos-git-admins"}, {"name": "bodhiadmin"}, {"name": "sysadmin-releng"}]}}}]}, {"bug_id": 1982880, "title": "CVE-2021-3602 buildah: Host environment variables leaked in build container when using chroot isolation [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2126904, "bug_id": 1982880, "comment": {"karma": 0, "karma_critpath": 0, "text": "@santiago already gave us his +1 on chat yesterday, So setting karma to +3 only.", "timestamp": "2021-07-23 14:03:57", "update_id": 320638, "user_id": 228, "id": 2126904, "testcase_feedback": [], "user": {"name": "lsm5", "email": "lsm5@redhat.com", "id": 228, "avatar": "https://seccdn.libravatar.org/avatar/05bd0d0810e225c716eba3290a5596c557d1ea3e4e2b0cf0de8e62a925927b5c?s=24&d=retro", "openid": "lsm5.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "container-sig"}]}}}, {"karma": 0, "comment_id": 2126907, "bug_id": 1982880, "comment": {"karma": 0, "karma_critpath": 0, "text": "@santiago already blessed this build yesterday on chat. Setting karma to +3 only.", "timestamp": "2021-07-23 14:14:11", "update_id": 323439, "user_id": 228, "id": 2126907, "testcase_feedback": [], "user": {"name": "lsm5", "email": "lsm5@redhat.com", "id": 228, "avatar": "https://seccdn.libravatar.org/avatar/05bd0d0810e225c716eba3290a5596c557d1ea3e4e2b0cf0de8e62a925927b5c?s=24&d=retro", "openid": "lsm5.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "container-sig"}]}}}]}], "updateid": "FEDORA-2021-112557d2c5", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}