{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "- version update to 2.4.50\n- security update (CVE-2021-41524 + CVE-2021-33193)", "type": "security", "status": "stable", "request": null, "severity": "high", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2021-10-05 18:31:28", "date_modified": null, "date_approved": null, "date_testing": "2021-10-06 17:13:06", "date_stable": "2021-10-07 17:17:56", "alias": "FEDORA-2021-5d2d4b6ac5", "test_gating_status": "passed", "from_tag": null, "date_pushed": "2021-10-07 17:17:56", "meets_testing_requirements": true, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2021-5d2d4b6ac5", "title": "httpd-2.4.50-1.fc34", "version_hash": "d9ca2bc8a9d2e5eeba408ab20d3ab7b3a0882b83", "release": {"name": "F34", "long_name": "Fedora 34", "version": "34", "id_prefix": "FEDORA", "branch": "f34", "dist_tag": "f34", "stable_tag": "f34-updates", "testing_tag": "f34-updates-testing", "candidate_tag": "f34-updates-candidate", "pending_signing_tag": "f34-signing-pending", "pending_testing_tag": "f34-updates-testing-pending", "pending_stable_tag": "f34-updates-pending", "override_tag": "f34-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "luhliarik", "email": "luhliari@redhat.com", "id": 959, "avatar": "https://seccdn.libravatar.org/avatar/8e63b107c1a61890dc2700ceb13a4fe83ebea194ae95cb89e656c660349e961d?s=24&d=retro", "openid": "luhliarik.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "modularity-wg"}, {"name": "trust admins"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by luhliarik. ", "timestamp": "2021-10-05 18:31:29", "update_id": 346021, "user_id": 91, "id": 2235469, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-10-05 18:31:29", "update_id": 346021, "user_id": 91, "id": 2235470, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2021-10-05 18:31:29", "update_id": 346021, "user_id": 91, "id": 2235471, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2021-10-05 19:13:02", "update_id": 346021, "user_id": 91, "id": 2235532, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "Applied to my Nextcloud server and verified that it all seems to basically be working including http/2 and a mod_proxy service.", "timestamp": "2021-10-05 23:00:02", "update_id": 346021, "user_id": 1286, "id": 2235764, "bug_feedback": [{"karma": 1, "comment_id": 2235764, "bug_id": 1996514, "bug": {"bug_id": 1996514, "title": "CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy [fedora-all]", "security": true, "parent": false}}, {"karma": 1, "comment_id": 2235764, "bug_id": 2010554, "bug": {"bug_id": 2010554, "title": "httpd-2.4.50 is available", "security": false, "parent": false}}, {"karma": 1, "comment_id": 2235764, "bug_id": 2010935, "bug": {"bug_id": 2010935, "title": "CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [{"karma": 0, "comment_id": 2235764, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "vwbusguy", "email": "vwfoxguru@gmail.com", "id": 1286, "avatar": "https://seccdn.libravatar.org/avatar/f60c57abb6d6c4b8ab3b8e7e8def7497e7b0482ec461d5394b44f0313b19a410?s=24&d=retro", "openid": "vwbusguy.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "irc-support-operators"}, {"name": "ask-fedora"}]}}, {"karma": 0, "karma_critpath": 0, "text": "FYI, this update also seems to address CVE-2021-41773 : https://bugzilla.redhat.com/show_bug.cgi?id=2010758", "timestamp": "2021-10-05 23:26:33", "update_id": 346021, "user_id": 1286, "id": 2235794, "bug_feedback": [{"karma": 0, "comment_id": 2235794, "bug_id": 1996514, "bug": {"bug_id": 1996514, "title": "CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2235794, "bug_id": 2010554, "bug": {"bug_id": 2010554, "title": "httpd-2.4.50 is available", "security": false, "parent": false}}, {"karma": 0, "comment_id": 2235794, "bug_id": 2010935, "bug": {"bug_id": 2010935, "title": "CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [{"karma": 0, "comment_id": 2235794, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "vwbusguy", "email": "vwfoxguru@gmail.com", "id": 1286, "avatar": "https://seccdn.libravatar.org/avatar/f60c57abb6d6c4b8ab3b8e7e8def7497e7b0482ec461d5394b44f0313b19a410?s=24&d=retro", "openid": "vwbusguy.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "irc-support-operators"}, {"name": "ask-fedora"}]}}, {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-10-06 01:13:03", "update_id": 346021, "user_id": 2935, "id": 2235821, "bug_feedback": [{"karma": 0, "comment_id": 2235821, "bug_id": 2010935, "bug": {"bug_id": 2010935, "title": "CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2235821, "bug_id": 1996514, "bug": {"bug_id": 1996514, "title": "CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2235821, "bug_id": 2010554, "bug": {"bug_id": 2010554, "title": "httpd-2.4.50 is available", "security": false, "parent": false}}], "testcase_feedback": [{"karma": 0, "comment_id": 2235821, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}, {"name": "trust admins"}]}}, {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-10-06 17:10:24", "update_id": 346021, "user_id": 3953, "id": 2237059, "bug_feedback": [{"karma": 0, "comment_id": 2237059, "bug_id": 1996514, "bug": {"bug_id": 1996514, "title": "CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2237059, "bug_id": 2010554, "bug": {"bug_id": 2010554, "title": "httpd-2.4.50 is available", "security": false, "parent": false}}, {"karma": 0, "comment_id": 2237059, "bug_id": 2010935, "bug": {"bug_id": 2010935, "title": "CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [{"karma": 0, "comment_id": 2237059, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "ibims", "email": "m-teuber@gmx.de", "id": 3953, "avatar": "https://seccdn.libravatar.org/avatar/2db5e031827484f8d98c8db3ffcd574f223ccacd5cfbe5e5a50aba30a469feb1?s=24&d=retro", "openid": "ibims.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2021-10-06 17:14:40", "update_id": 346021, "user_id": 91, "id": 2237070, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2021-10-06 17:14:46", "update_id": 346021, "user_id": 91, "id": 2237102, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'passed'.", "timestamp": "2021-10-06 18:00:03", "update_id": 346021, "user_id": 91, "id": 2237340, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "Worked for me on 5 systems.", "timestamp": "2021-10-07 02:52:03", "update_id": 346021, "user_id": 459, "id": 2240204, "bug_feedback": [{"karma": 0, "comment_id": 2240204, "bug_id": 1996514, "bug": {"bug_id": 1996514, "title": "CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 2240204, "bug_id": 2010554, "bug": {"bug_id": 2010554, "title": "httpd-2.4.50 is available", "security": false, "parent": false}}, {"karma": 0, "comment_id": 2240204, "bug_id": 2010935, "bug": {"bug_id": 2010935, "title": "CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [{"karma": 0, "comment_id": 2240204, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "dowdle", "email": "dowdle@montanalinux.org", "id": 459, "avatar": "https://seccdn.libravatar.org/avatar/97a93745adee34916591fbb630bc4bcaa595cd7213d56d4d0e8ae9f155d6c762?s=24&d=retro", "openid": "dowdle.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2021-10-07 17:18:43", "update_id": 346021, "user_id": 91, "id": 2241302, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "httpd-2.4.50-1.fc34", "signed": true, "release_id": 47, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1996514, "title": "CVE-2021-33193 httpd: Request splitting via HTTP/2 method injection and mod_proxy [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2237059, "bug_id": 1996514, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-10-06 17:10:24", "update_id": 346021, "user_id": 3953, "id": 2237059, "testcase_feedback": [{"karma": 0, "comment_id": 2237059, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "ibims", "email": "m-teuber@gmx.de", "id": 3953, "avatar": "https://seccdn.libravatar.org/avatar/2db5e031827484f8d98c8db3ffcd574f223ccacd5cfbe5e5a50aba30a469feb1?s=24&d=retro", "openid": "ibims.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 2240204, "bug_id": 1996514, "comment": {"karma": 1, "karma_critpath": 0, "text": "Worked for me on 5 systems.", "timestamp": "2021-10-07 02:52:03", "update_id": 346021, "user_id": 459, "id": 2240204, "testcase_feedback": [{"karma": 0, "comment_id": 2240204, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "dowdle", "email": "dowdle@montanalinux.org", "id": 459, "avatar": "https://seccdn.libravatar.org/avatar/97a93745adee34916591fbb630bc4bcaa595cd7213d56d4d0e8ae9f155d6c762?s=24&d=retro", "openid": "dowdle.id.stg.fedoraproject.org", "groups": []}}}, {"karma": -1, "comment_id": 2241938, "bug_id": 1996514, "comment": {"karma": -1, "karma_critpath": 0, "text": "2.4.50 has an incomplete Patch and IS NOT SHIPABLE\n\nF33 needs a Build for  2.4.51", "timestamp": "2021-10-08 08:04:40", "update_id": 346019, "user_id": 1579, "id": 2241938, "testcase_feedback": [{"karma": -1, "comment_id": 2241938, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "rdtcustomercare", "email": "customercare@resellerdesktop.de", "id": 1579, "avatar": "https://seccdn.libravatar.org/avatar/b08adddfca04d990bbbe10aafb31bfe1ecdc600736da65574e208991c9090e35?s=24&d=retro", "openid": "rdtcustomercare.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": -1, "comment_id": 2241943, "bug_id": 1996514, "comment": {"karma": -1, "karma_critpath": 0, "text": "for security reasons this update has to be removed.\n\nhttps://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013", "timestamp": "2021-10-08 08:07:25", "update_id": 346019, "user_id": 6075, "id": 2241943, "testcase_feedback": [{"karma": -1, "comment_id": 2241943, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "mschwarz", "email": "fedoradev@cloud-foo.de", "id": 6075, "avatar": "https://seccdn.libravatar.org/avatar/d88a780857fad21172a7d2369e92de8b422c86e967da3fc1d8677f1a10a2fc5b?s=24&d=retro", "openid": "mschwarz.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 1, "comment_id": 2235764, "bug_id": 1996514, "comment": {"karma": 1, "karma_critpath": 0, "text": "Applied to my Nextcloud server and verified that it all seems to basically be working including http/2 and a mod_proxy service.", "timestamp": "2021-10-05 23:00:02", "update_id": 346021, "user_id": 1286, "id": 2235764, "testcase_feedback": [{"karma": 0, "comment_id": 2235764, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "vwbusguy", "email": "vwfoxguru@gmail.com", "id": 1286, "avatar": "https://seccdn.libravatar.org/avatar/f60c57abb6d6c4b8ab3b8e7e8def7497e7b0482ec461d5394b44f0313b19a410?s=24&d=retro", "openid": "vwbusguy.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "irc-support-operators"}, {"name": "ask-fedora"}]}}}, {"karma": 0, "comment_id": 2235794, "bug_id": 1996514, "comment": {"karma": 0, "karma_critpath": 0, "text": "FYI, this update also seems to address CVE-2021-41773 : https://bugzilla.redhat.com/show_bug.cgi?id=2010758", "timestamp": "2021-10-05 23:26:33", "update_id": 346021, "user_id": 1286, "id": 2235794, "testcase_feedback": [{"karma": 0, "comment_id": 2235794, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "vwbusguy", "email": "vwfoxguru@gmail.com", "id": 1286, "avatar": "https://seccdn.libravatar.org/avatar/f60c57abb6d6c4b8ab3b8e7e8def7497e7b0482ec461d5394b44f0313b19a410?s=24&d=retro", "openid": "vwbusguy.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "irc-support-operators"}, {"name": "ask-fedora"}]}}}, {"karma": 0, "comment_id": 2235795, "bug_id": 1996514, "comment": {"karma": -1, "karma_critpath": 0, "text": "I don't believe this is installable. It changes httpd to require `system-logos(httpd-logo-ng)` instead of `system-logos-httpd`, but the fedora-logos package on Fedora 33 is too old to provide that. Current stable in F33 is [fedora-logos-30.0.2-5.fc33](https://koji.fedoraproject.org/koji/buildinfo?buildID=1550344), whose fedora-logos-httpd package only provides `fedora-logos-httpd` and `system-logos-httpd`, it does not provide `system-logos(httpd-logo-ng)`.\n\nThis is why the openQA tests fail. They actually work successfully, but then detect that the httpd from the update was not used, the older 2.4.48 build from the updates repository was used.", "timestamp": "2021-10-05 23:43:39", "update_id": 346019, "user_id": 302, "id": 2235795, "testcase_feedback": [{"karma": 0, "comment_id": 2235795, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "trust admins"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}, {"karma": 0, "comment_id": 2235821, "bug_id": 1996514, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-10-06 01:13:03", "update_id": 346021, "user_id": 2935, "id": 2235821, "testcase_feedback": [{"karma": 0, "comment_id": 2235821, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}, {"name": "trust admins"}]}}}]}, {"bug_id": 2010554, "title": "httpd-2.4.50 is available", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 2237059, "bug_id": 2010554, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-10-06 17:10:24", "update_id": 346021, "user_id": 3953, "id": 2237059, "testcase_feedback": [{"karma": 0, "comment_id": 2237059, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "ibims", "email": "m-teuber@gmx.de", "id": 3953, "avatar": "https://seccdn.libravatar.org/avatar/2db5e031827484f8d98c8db3ffcd574f223ccacd5cfbe5e5a50aba30a469feb1?s=24&d=retro", "openid": "ibims.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 2240204, "bug_id": 2010554, "comment": {"karma": 1, "karma_critpath": 0, "text": "Worked for me on 5 systems.", "timestamp": "2021-10-07 02:52:03", "update_id": 346021, "user_id": 459, "id": 2240204, "testcase_feedback": [{"karma": 0, "comment_id": 2240204, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "dowdle", "email": "dowdle@montanalinux.org", "id": 459, "avatar": "https://seccdn.libravatar.org/avatar/97a93745adee34916591fbb630bc4bcaa595cd7213d56d4d0e8ae9f155d6c762?s=24&d=retro", "openid": "dowdle.id.stg.fedoraproject.org", "groups": []}}}, {"karma": -1, "comment_id": 2241938, "bug_id": 2010554, "comment": {"karma": -1, "karma_critpath": 0, "text": "2.4.50 has an incomplete Patch and IS NOT SHIPABLE\n\nF33 needs a Build for  2.4.51", "timestamp": "2021-10-08 08:04:40", "update_id": 346019, "user_id": 1579, "id": 2241938, "testcase_feedback": [{"karma": -1, "comment_id": 2241938, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "rdtcustomercare", "email": "customercare@resellerdesktop.de", "id": 1579, "avatar": "https://seccdn.libravatar.org/avatar/b08adddfca04d990bbbe10aafb31bfe1ecdc600736da65574e208991c9090e35?s=24&d=retro", "openid": "rdtcustomercare.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": -1, "comment_id": 2241943, "bug_id": 2010554, "comment": {"karma": -1, "karma_critpath": 0, "text": "for security reasons this update has to be removed.\n\nhttps://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013", "timestamp": "2021-10-08 08:07:25", "update_id": 346019, "user_id": 6075, "id": 2241943, "testcase_feedback": [{"karma": -1, "comment_id": 2241943, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "mschwarz", "email": "fedoradev@cloud-foo.de", "id": 6075, "avatar": "https://seccdn.libravatar.org/avatar/d88a780857fad21172a7d2369e92de8b422c86e967da3fc1d8677f1a10a2fc5b?s=24&d=retro", "openid": "mschwarz.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 1, "comment_id": 2235764, "bug_id": 2010554, "comment": {"karma": 1, "karma_critpath": 0, "text": "Applied to my Nextcloud server and verified that it all seems to basically be working including http/2 and a mod_proxy service.", "timestamp": "2021-10-05 23:00:02", "update_id": 346021, "user_id": 1286, "id": 2235764, "testcase_feedback": [{"karma": 0, "comment_id": 2235764, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "vwbusguy", "email": "vwfoxguru@gmail.com", "id": 1286, "avatar": "https://seccdn.libravatar.org/avatar/f60c57abb6d6c4b8ab3b8e7e8def7497e7b0482ec461d5394b44f0313b19a410?s=24&d=retro", "openid": "vwbusguy.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "irc-support-operators"}, {"name": "ask-fedora"}]}}}, {"karma": 0, "comment_id": 2235794, "bug_id": 2010554, "comment": {"karma": 0, "karma_critpath": 0, "text": "FYI, this update also seems to address CVE-2021-41773 : https://bugzilla.redhat.com/show_bug.cgi?id=2010758", "timestamp": "2021-10-05 23:26:33", "update_id": 346021, "user_id": 1286, "id": 2235794, "testcase_feedback": [{"karma": 0, "comment_id": 2235794, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "vwbusguy", "email": "vwfoxguru@gmail.com", "id": 1286, "avatar": "https://seccdn.libravatar.org/avatar/f60c57abb6d6c4b8ab3b8e7e8def7497e7b0482ec461d5394b44f0313b19a410?s=24&d=retro", "openid": "vwbusguy.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "irc-support-operators"}, {"name": "ask-fedora"}]}}}, {"karma": 0, "comment_id": 2235795, "bug_id": 2010554, "comment": {"karma": -1, "karma_critpath": 0, "text": "I don't believe this is installable. It changes httpd to require `system-logos(httpd-logo-ng)` instead of `system-logos-httpd`, but the fedora-logos package on Fedora 33 is too old to provide that. Current stable in F33 is [fedora-logos-30.0.2-5.fc33](https://koji.fedoraproject.org/koji/buildinfo?buildID=1550344), whose fedora-logos-httpd package only provides `fedora-logos-httpd` and `system-logos-httpd`, it does not provide `system-logos(httpd-logo-ng)`.\n\nThis is why the openQA tests fail. They actually work successfully, but then detect that the httpd from the update was not used, the older 2.4.48 build from the updates repository was used.", "timestamp": "2021-10-05 23:43:39", "update_id": 346019, "user_id": 302, "id": 2235795, "testcase_feedback": [{"karma": 0, "comment_id": 2235795, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "trust admins"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}, {"karma": 0, "comment_id": 2235821, "bug_id": 2010554, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-10-06 01:13:03", "update_id": 346021, "user_id": 2935, "id": 2235821, "testcase_feedback": [{"karma": 0, "comment_id": 2235821, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}, {"name": "trust admins"}]}}}]}, {"bug_id": 2010935, "title": "CVE-2021-41524 httpd: NULL pointer dereference via crafted request during HTTP/2 request processing [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2235821, "bug_id": 2010935, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-10-06 01:13:03", "update_id": 346021, "user_id": 2935, "id": 2235821, "testcase_feedback": [{"karma": 0, "comment_id": 2235821, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 2237059, "bug_id": 2010935, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2021-10-06 17:10:24", "update_id": 346021, "user_id": 3953, "id": 2237059, "testcase_feedback": [{"karma": 0, "comment_id": 2237059, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "ibims", "email": "m-teuber@gmx.de", "id": 3953, "avatar": "https://seccdn.libravatar.org/avatar/2db5e031827484f8d98c8db3ffcd574f223ccacd5cfbe5e5a50aba30a469feb1?s=24&d=retro", "openid": "ibims.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 0, "comment_id": 2240204, "bug_id": 2010935, "comment": {"karma": 1, "karma_critpath": 0, "text": "Worked for me on 5 systems.", "timestamp": "2021-10-07 02:52:03", "update_id": 346021, "user_id": 459, "id": 2240204, "testcase_feedback": [{"karma": 0, "comment_id": 2240204, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "dowdle", "email": "dowdle@montanalinux.org", "id": 459, "avatar": "https://seccdn.libravatar.org/avatar/97a93745adee34916591fbb630bc4bcaa595cd7213d56d4d0e8ae9f155d6c762?s=24&d=retro", "openid": "dowdle.id.stg.fedoraproject.org", "groups": []}}}, {"karma": -1, "comment_id": 2241938, "bug_id": 2010935, "comment": {"karma": -1, "karma_critpath": 0, "text": "2.4.50 has an incomplete Patch and IS NOT SHIPABLE\n\nF33 needs a Build for  2.4.51", "timestamp": "2021-10-08 08:04:40", "update_id": 346019, "user_id": 1579, "id": 2241938, "testcase_feedback": [{"karma": -1, "comment_id": 2241938, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "rdtcustomercare", "email": "customercare@resellerdesktop.de", "id": 1579, "avatar": "https://seccdn.libravatar.org/avatar/b08adddfca04d990bbbe10aafb31bfe1ecdc600736da65574e208991c9090e35?s=24&d=retro", "openid": "rdtcustomercare.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}]}}}, {"karma": -1, "comment_id": 2241943, "bug_id": 2010935, "comment": {"karma": -1, "karma_critpath": 0, "text": "for security reasons this update has to be removed.\n\nhttps://httpd.apache.org/security/vulnerabilities_24.html#CVE-2021-42013", "timestamp": "2021-10-08 08:07:25", "update_id": 346019, "user_id": 6075, "id": 2241943, "testcase_feedback": [{"karma": -1, "comment_id": 2241943, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "mschwarz", "email": "fedoradev@cloud-foo.de", "id": 6075, "avatar": "https://seccdn.libravatar.org/avatar/d88a780857fad21172a7d2369e92de8b422c86e967da3fc1d8677f1a10a2fc5b?s=24&d=retro", "openid": "mschwarz.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}, {"name": "trust admins"}]}}}, {"karma": 1, "comment_id": 2235764, "bug_id": 2010935, "comment": {"karma": 1, "karma_critpath": 0, "text": "Applied to my Nextcloud server and verified that it all seems to basically be working including http/2 and a mod_proxy service.", "timestamp": "2021-10-05 23:00:02", "update_id": 346021, "user_id": 1286, "id": 2235764, "testcase_feedback": [{"karma": 0, "comment_id": 2235764, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "vwbusguy", "email": "vwfoxguru@gmail.com", "id": 1286, "avatar": "https://seccdn.libravatar.org/avatar/f60c57abb6d6c4b8ab3b8e7e8def7497e7b0482ec461d5394b44f0313b19a410?s=24&d=retro", "openid": "vwbusguy.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "irc-support-operators"}, {"name": "ask-fedora"}]}}}, {"karma": 0, "comment_id": 2235794, "bug_id": 2010935, "comment": {"karma": 0, "karma_critpath": 0, "text": "FYI, this update also seems to address CVE-2021-41773 : https://bugzilla.redhat.com/show_bug.cgi?id=2010758", "timestamp": "2021-10-05 23:26:33", "update_id": 346021, "user_id": 1286, "id": 2235794, "testcase_feedback": [{"karma": 0, "comment_id": 2235794, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "vwbusguy", "email": "vwfoxguru@gmail.com", "id": 1286, "avatar": "https://seccdn.libravatar.org/avatar/f60c57abb6d6c4b8ab3b8e7e8def7497e7b0482ec461d5394b44f0313b19a410?s=24&d=retro", "openid": "vwbusguy.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "irc-support-operators"}, {"name": "ask-fedora"}]}}}, {"karma": 0, "comment_id": 2235795, "bug_id": 2010935, "comment": {"karma": -1, "karma_critpath": 0, "text": "I don't believe this is installable. It changes httpd to require `system-logos(httpd-logo-ng)` instead of `system-logos-httpd`, but the fedora-logos package on Fedora 33 is too old to provide that. Current stable in F33 is [fedora-logos-30.0.2-5.fc33](https://koji.fedoraproject.org/koji/buildinfo?buildID=1550344), whose fedora-logos-httpd package only provides `fedora-logos-httpd` and `system-logos-httpd`, it does not provide `system-logos(httpd-logo-ng)`.\n\nThis is why the openQA tests fail. They actually work successfully, but then detect that the httpd from the update was not used, the older 2.4.48 build from the updates repository was used.", "timestamp": "2021-10-05 23:43:39", "update_id": 346019, "user_id": 302, "id": 2235795, "testcase_feedback": [{"karma": 0, "comment_id": 2235795, "testcase_id": 233, "testcase": {"name": "QA:Testcase HTTPd", "id": 233}}], "user": {"name": "adamwill", "email": "awilliam@redhat.com", "id": 302, "avatar": "https://seccdn.libravatar.org/avatar/51720fbb2ec5dfd2bc005ac374a3bfd3190cb8f45f3bb8d6bdf35fb6a051d03b?s=24&d=retro", "openid": "adamwill.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "qa-tools-sig"}, {"name": "fedora-contributor"}, {"name": "news"}, {"name": "gittriage"}, {"name": "sysadmin"}, {"name": "gitspin-kickstarts"}, {"name": "signed_fpca"}, {"name": "gitgeneric-release"}, {"name": "yak_farmers"}, {"name": "triagers"}, {"name": "qa"}, {"name": "sysadmin-qa"}, {"name": "fedorabugs"}, {"name": "ipausers"}, {"name": "gitmkinitrd"}, {"name": "qa-admin"}, {"name": "aws-qa"}, {"name": "change-wranglers"}, {"name": "fedora-ci-admins"}, {"name": "common-issues-triage"}, {"name": "sysadmin-main"}, {"name": "trust admins"}, {"name": "program-management"}, {"name": "gitfedora-project-schedule"}]}}}]}], "updateid": "FEDORA-2021-5d2d4b6ac5", "karma": 4, "content_type": "rpm", "test_cases": [{"name": "QA:Testcase HTTPd", "id": 233}]}, "can_edit": false, "ci_allowed": false}