{"update": {"autokarma": false, "autotime": false, "stable_karma": 5, "stable_days": 14, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "Security fix for **CVE-2022-34526**.", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": true, "critpath_groups": null, "close_bugs": true, "date_submitted": "2022-08-01 08:33:44", "date_modified": null, "date_approved": null, "date_testing": "2022-08-02 01:15:05", "date_stable": "2022-08-06 01:52:03", "alias": "FEDORA-2022-83b9a5bf0f", "test_gating_status": "passed", "from_tag": null, "date_pushed": "2022-08-06 01:52:03", "meets_testing_requirements": true, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2022-83b9a5bf0f", "title": "libtiff-4.4.0-4.fc36", "version_hash": "a095c4266cb98cca58b67814e5e712eace182e87", "release": {"name": "F36", "long_name": "Fedora 36", "version": "36", "id_prefix": "FEDORA", "branch": "f36", "dist_tag": "f36", "stable_tag": "f36-updates", "testing_tag": "f36-updates-testing", "candidate_tag": "f36-updates-candidate", "pending_signing_tag": "f36-signing-pending", "pending_testing_tag": "f36-updates-testing-pending", "pending_stable_tag": "f36-updates-pending", "override_tag": "f36-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": "2023-05-16", "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "nforro", "email": "nforro@redhat.com", "id": 970, "avatar": "https://seccdn.libravatar.org/avatar/c0a1b276101723475a0d713e0f2a26a75b86db21d698fd3be9aa83b0eab37e45?s=24&d=retro", "openid": "nforro.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by nforro. ", "timestamp": "2022-08-01 08:33:45", "update_id": 436526, "user_id": 91, "id": 2662694, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2022-08-01 08:33:46", "update_id": 436526, "user_id": 91, "id": 2662695, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'failed'.", "timestamp": "2022-08-01 11:29:01", "update_id": 436526, "user_id": 91, "id": 2662835, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'passed'.", "timestamp": "2022-08-01 12:27:18", "update_id": 436526, "user_id": 91, "id": 2662900, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": -1, "karma_critpath": 0, "text": "Installation fails with this message\n\nDependencies resolved.\n\n Problem 1: problem with installed package libtiff-devel-4.4.0-2.fc36.x86_64\n  - package libtiff-devel-4.4.0-2.fc36.x86_64 requires libtiff(x86-64) = 4.4.0-2.fc36, but none of the providers can be installed\n  - cannot install both libtiff-4.4.0-4.fc36.x86_64 and libtiff-4.4.0-2.fc36.x86_64\n  - cannot install the best update candidate for package libtiff-4.4.0-2.fc36.x86_64\n Problem 2: problem with installed package vtk-mpich-devel-9.1.0-12.fc36.x86_64\n  - package vtk-mpich-devel-9.1.0-12.fc36.x86_64 requires libtiff-devel(x86-64), but none of the providers can be installed\n  - package libtiff-devel-4.4.0-2.fc36.x86_64 requires libtiff(x86-64) = 4.4.0-2.fc36, but none of the providers can be installed\n  - package libtiff-devel-4.3.0-6.fc36.x86_64 requires libtiff(x86-64) = 4.3.0-6.fc36, but none of the providers can be installed\n  - cannot install both libtiff-4.4.0-4.fc36.x86_64 and libtiff-4.4.0-2.fc36.x86_64\n  - cannot install both libtiff-4.4.0-4.fc36.x86_64 and libtiff-4.3.0-6.fc36.x86_64\n  - libtiff-4.4.0-4.fc36.i686 has inferior architecture\n  - cannot install the best update candidate for package libtiff-4.4.0-2.fc36.i686\n Problem 3: problem with installed package vtk-devel-9.1.0-12.fc36.x86_64\n  - package vtk-devel-9.1.0-12.fc36.x86_64 requires libtiff-devel(x86-64), but none of the providers can be installed\n  - package libtiff-devel-4.4.0-2.fc36.x86_64 requires libtiff(x86-64) = 4.4.0-2.fc36, but none of the providers can be installed\n  - package libtiff-devel-4.3.0-6.fc36.x86_64 requires libtiff(x86-64) = 4.3.0-6.fc36, but none of the providers can be installed\n  - cannot install both libtiff-4.4.0-4.fc36.x86_64 and libtiff-4.4.0-2.fc36.x86_64\n  - cannot install both libtiff-4.4.0-4.fc36.x86_64 and libtiff-4.3.0-6.fc36.x86_64\n  - package libtiff-tools-4.4.0-4.fc36.x86_64 requires libtiff(x86-64) = 4.4.0-4.fc36, but none of the providers can be installed\n  - cannot install the best update candidate for package libtiff-tools-4.4.0-2.fc36.x86_64", "timestamp": "2022-08-01 13:12:32", "update_id": 436526, "user_id": 6532, "id": 2663006, "bug_feedback": [{"karma": 0, "comment_id": 2663006, "bug_id": 2112760, "bug": {"bug_id": 2112760, "title": "CVE-2022-34526 libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "tyrbiter", "email": "brian@fenrir.org.uk", "id": 6532, "avatar": "https://seccdn.libravatar.org/avatar/2a4c5b8b398d9ef9fdc5371c7cd74bb94df580391f5373b4c662d97d414c5405?s=24&d=retro", "openid": "tyrbiter.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}, {"karma": 0, "karma_critpath": 0, "text": "@tyrbiter How did you install the update? AFAICT it's not in testing yet, if you installed it manually from Koji, did you install also libtiff-tools and libtiff-devel subpackages?", "timestamp": "2022-08-01 13:26:04", "update_id": 436526, "user_id": 970, "id": 2663017, "bug_feedback": [{"karma": 0, "comment_id": 2663017, "bug_id": 2112760, "bug": {"bug_id": 2112760, "title": "CVE-2022-34526 libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "nforro", "email": "nforro@redhat.com", "id": 970, "avatar": "https://seccdn.libravatar.org/avatar/c0a1b276101723475a0d713e0f2a26a75b86db21d698fd3be9aa83b0eab37e45?s=24&d=retro", "openid": "nforro.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2022-08-02 01:16:47", "update_id": 436526, "user_id": 91, "id": 2663632, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.", "timestamp": "2022-08-02 01:16:55", "update_id": 436526, "user_id": 91, "id": 2663684, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "Works.", "timestamp": "2022-08-02 02:06:30", "update_id": 436526, "user_id": 198, "id": 2663792, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bojan", "email": "bojan@rexursive.com", "id": 198, "avatar": "https://seccdn.libravatar.org/avatar/adb4c3f28bd6969871988f992b1bf71e404f03e3570fbfa0fc9bd7d0bf0003f8?s=24&d=retro", "openid": "bojan.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}, {"karma": 1, "karma_critpath": 0, "text": "For some reason this worked for me today when I ran an update with updates-testing enabled, and yes i have -tools and -devel installed. None of the vtk packages have updated, I have no idea why this happened.", "timestamp": "2022-08-02 09:42:34", "update_id": 436526, "user_id": 6532, "id": 2664056, "bug_feedback": [{"karma": 0, "comment_id": 2664056, "bug_id": 2112760, "bug": {"bug_id": 2112760, "title": "CVE-2022-34526 libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "tyrbiter", "email": "brian@fenrir.org.uk", "id": 6532, "avatar": "https://seccdn.libravatar.org/avatar/2a4c5b8b398d9ef9fdc5371c7cd74bb94df580391f5373b4c662d97d414c5405?s=24&d=retro", "openid": "tyrbiter.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2022-08-02 09:43:31", "update_id": 436526, "user_id": 91, "id": 2664057, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2022-08-03 14:43:15", "update_id": 436526, "user_id": 5881, "id": 2666205, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "geraldosimiao", "email": "geraldo.simiao.kutz@gmail.com", "id": 5881, "avatar": "https://seccdn.libravatar.org/avatar/03fa5b58e8ac78544bf41ad8ecf9ee1920f2ebedb86542c2f4cdf7ef15813168?s=24&d=retro", "openid": "geraldosimiao.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "fedora-br"}, {"name": "advocates"}, {"name": "respins-sig"}]}}, {"karma": 1, "karma_critpath": 0, "text": "works", "timestamp": "2022-08-03 18:59:54", "update_id": 436526, "user_id": 4598, "id": 2666429, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "andilinux", "email": "Kartz@gmx.net", "id": 4598, "avatar": "https://seccdn.libravatar.org/avatar/b820090b49856dc08f6ed6f3cd43f9d1920be6ee51f83ebb0b4f9904a7306f1a?s=24&d=retro", "openid": "andilinux.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "fedora-join"}, {"name": "ask-fedora"}]}}, {"karma": 1, "karma_critpath": 0, "text": "works", "timestamp": "2022-08-03 19:09:16", "update_id": 436526, "user_id": 4598, "id": 2666469, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "andilinux", "email": "Kartz@gmx.net", "id": 4598, "avatar": "https://seccdn.libravatar.org/avatar/b820090b49856dc08f6ed6f3cd43f9d1920be6ee51f83ebb0b4f9904a7306f1a?s=24&d=retro", "openid": "andilinux.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "fedora-join"}, {"name": "ask-fedora"}]}}, {"karma": 1, "karma_critpath": 0, "text": "works", "timestamp": "2022-08-03 19:18:21", "update_id": 436526, "user_id": 4598, "id": 2666510, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "andilinux", "email": "Kartz@gmx.net", "id": 4598, "avatar": "https://seccdn.libravatar.org/avatar/b820090b49856dc08f6ed6f3cd43f9d1920be6ee51f83ebb0b4f9904a7306f1a?s=24&d=retro", "openid": "andilinux.id.stg.fedoraproject.org", "groups": [{"name": "qa"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "fedora-join"}, {"name": "ask-fedora"}]}}, {"karma": 1, "karma_critpath": 0, "text": "no regressions noted", "timestamp": "2022-08-04 02:52:10", "update_id": 436526, "user_id": 124, "id": 2667112, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "filiperosset", "email": "rosset.filipe@gmail.com", "id": 124, "avatar": "https://seccdn.libravatar.org/avatar/f4394b8fb4c9a99c4b534dc724912fe75a5b87fe15048985ece8388c2441d0ca?s=24&d=retro", "openid": "filiperosset.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "trust admins"}, {"name": "signed_fpca"}, {"name": "fedora-contributor"}, {"name": "l10n"}, {"name": "cvsl10n"}, {"name": "ipausers"}, {"name": "fedora-br"}, {"name": "fedorabugs"}, {"name": "ambassadors"}]}}, {"karma": 1, "karma_critpath": 0, "text": "Works", "timestamp": "2022-08-04 19:07:39", "update_id": 436526, "user_id": 491, "id": 2668012, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "pwalter", "email": "walter.pete@yandex.com", "id": 491, "avatar": "https://seccdn.libravatar.org/avatar/20f7756718e08ef810fe23344dfdcafe17dfb277e2c27d5cbf81e35b66247795?s=24&d=retro", "openid": "pwalter.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by nforro. ", "timestamp": "2022-08-05 07:31:58", "update_id": 436526, "user_id": 91, "id": 2668731, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2022-08-06 01:52:47", "update_id": 436526, "user_id": 91, "id": 2669481, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "libtiff-4.4.0-4.fc36", "signed": true, "release_id": 56, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 2112760, "title": "CVE-2022-34526 libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 2663006, "bug_id": 2112760, "comment": {"karma": -1, "karma_critpath": 0, "text": "Installation fails with this message\n\nDependencies resolved.\n\n Problem 1: problem with installed package libtiff-devel-4.4.0-2.fc36.x86_64\n  - package libtiff-devel-4.4.0-2.fc36.x86_64 requires libtiff(x86-64) = 4.4.0-2.fc36, but none of the providers can be installed\n  - cannot install both libtiff-4.4.0-4.fc36.x86_64 and libtiff-4.4.0-2.fc36.x86_64\n  - cannot install the best update candidate for package libtiff-4.4.0-2.fc36.x86_64\n Problem 2: problem with installed package vtk-mpich-devel-9.1.0-12.fc36.x86_64\n  - package vtk-mpich-devel-9.1.0-12.fc36.x86_64 requires libtiff-devel(x86-64), but none of the providers can be installed\n  - package libtiff-devel-4.4.0-2.fc36.x86_64 requires libtiff(x86-64) = 4.4.0-2.fc36, but none of the providers can be installed\n  - package libtiff-devel-4.3.0-6.fc36.x86_64 requires libtiff(x86-64) = 4.3.0-6.fc36, but none of the providers can be installed\n  - cannot install both libtiff-4.4.0-4.fc36.x86_64 and libtiff-4.4.0-2.fc36.x86_64\n  - cannot install both libtiff-4.4.0-4.fc36.x86_64 and libtiff-4.3.0-6.fc36.x86_64\n  - libtiff-4.4.0-4.fc36.i686 has inferior architecture\n  - cannot install the best update candidate for package libtiff-4.4.0-2.fc36.i686\n Problem 3: problem with installed package vtk-devel-9.1.0-12.fc36.x86_64\n  - package vtk-devel-9.1.0-12.fc36.x86_64 requires libtiff-devel(x86-64), but none of the providers can be installed\n  - package libtiff-devel-4.4.0-2.fc36.x86_64 requires libtiff(x86-64) = 4.4.0-2.fc36, but none of the providers can be installed\n  - package libtiff-devel-4.3.0-6.fc36.x86_64 requires libtiff(x86-64) = 4.3.0-6.fc36, but none of the providers can be installed\n  - cannot install both libtiff-4.4.0-4.fc36.x86_64 and libtiff-4.4.0-2.fc36.x86_64\n  - cannot install both libtiff-4.4.0-4.fc36.x86_64 and libtiff-4.3.0-6.fc36.x86_64\n  - package libtiff-tools-4.4.0-4.fc36.x86_64 requires libtiff(x86-64) = 4.4.0-4.fc36, but none of the providers can be installed\n  - cannot install the best update candidate for package libtiff-tools-4.4.0-2.fc36.x86_64", "timestamp": "2022-08-01 13:12:32", "update_id": 436526, "user_id": 6532, "id": 2663006, "testcase_feedback": [], "user": {"name": "tyrbiter", "email": "brian@fenrir.org.uk", "id": 6532, "avatar": "https://seccdn.libravatar.org/avatar/2a4c5b8b398d9ef9fdc5371c7cd74bb94df580391f5373b4c662d97d414c5405?s=24&d=retro", "openid": "tyrbiter.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}, {"karma": 0, "comment_id": 2663017, "bug_id": 2112760, "comment": {"karma": 0, "karma_critpath": 0, "text": "@tyrbiter How did you install the update? AFAICT it's not in testing yet, if you installed it manually from Koji, did you install also libtiff-tools and libtiff-devel subpackages?", "timestamp": "2022-08-01 13:26:04", "update_id": 436526, "user_id": 970, "id": 2663017, "testcase_feedback": [], "user": {"name": "nforro", "email": "nforro@redhat.com", "id": 970, "avatar": "https://seccdn.libravatar.org/avatar/c0a1b276101723475a0d713e0f2a26a75b86db21d698fd3be9aa83b0eab37e45?s=24&d=retro", "openid": "nforro.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}, {"karma": 0, "comment_id": 2664056, "bug_id": 2112760, "comment": {"karma": 1, "karma_critpath": 0, "text": "For some reason this worked for me today when I ran an update with updates-testing enabled, and yes i have -tools and -devel installed. None of the vtk packages have updated, I have no idea why this happened.", "timestamp": "2022-08-02 09:42:34", "update_id": 436526, "user_id": 6532, "id": 2664056, "testcase_feedback": [], "user": {"name": "tyrbiter", "email": "brian@fenrir.org.uk", "id": 6532, "avatar": "https://seccdn.libravatar.org/avatar/2a4c5b8b398d9ef9fdc5371c7cd74bb94df580391f5373b4c662d97d414c5405?s=24&d=retro", "openid": "tyrbiter.id.stg.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "signed_fpca"}]}}}]}], "updateid": "FEDORA-2022-83b9a5bf0f", "karma": 6, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}