{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "- Update the git2 crate to version 0.18.2.\n- Update the libgit2-sys crate to version 0.16.2.\n\nVersion 0.16.2 of the libgit2-sys crate includes an update of the bundled copy of libgit2 to version 1.7.2 to address CVE-2024-24575 and CVE-2024-24577.\n\nSince the libgit2 bindings cause applications that use them to statically link libgit2, this update also includes rebuilds of all affected applications.", "type": "security", "status": "stable", "request": null, "severity": "high", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": "", "close_bugs": true, "date_submitted": "2024-02-14 00:04:59", "date_modified": null, "date_approved": "2024-02-19 08:15:59", "date_testing": "2024-02-14 02:10:51", "date_stable": "2024-02-20 01:38:39", "alias": "FEDORA-2024-8ba389815f", "test_gating_status": "ignored", "from_tag": "f39-build-side-83562", "date_pushed": "2024-02-20 01:38:39", "meets_testing_requirements": true, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2024-8ba389815f", "title": "rust-asyncgit-0.24.3-3.fc39 rust-bat-0.24.0-3.fc39 rust-cargo-c-0.9.28-4.fc39 rust-eza-0.17.3-2.fc39 rust-git-absorb-0.6.11-3.fc39 rust-git-delta-0.16.5-9.fc39 rust-git2-0.18.2-1.fc39 rust-gitui-0.24.3-4.fc39 rust-libgit2-sys-0.16.2-1.fc39 rust-lsd-1.0.0-3.fc39 rust-pore-0.1.10-3.fc39 rust-pretty-git-prompt-0.2.1-20.fc39 rust-shadow-rs-0.8.1-8.fc39 rust-silver-2.0.1-7.fc39 rust-tokei-12.1.2-8.fc39 rust-vergen-5.1.17-8.fc39", "version_hash": "0bacaac66077d64a577fe0319be589cbca93b76b", "release": {"name": "F39", "long_name": "Fedora 39", "version": "39", "id_prefix": "FEDORA", "branch": "f39", "dist_tag": "f39", "stable_tag": "f39-updates", "testing_tag": "f39-updates-testing", "candidate_tag": "f39-updates-candidate", "pending_signing_tag": "f39-signing-pending", "pending_testing_tag": "f39-updates-testing-pending", "pending_stable_tag": "f39-updates-pending", "override_tag": "f39-override", "mail_template": "fedora_errata_template", "state": "current", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": "2024-11-26", "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "decathorpe", "email": "decathorpe@gmail.com", "id": 388, "avatar": "https://seccdn.libravatar.org/avatar/67f4ac6a6b20752d6c2ff1f21b29d10c6fcdd05a35ffccdca789fe670dfc3efb?s=24&d=retro", "openid": "decathorpe.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "fedorabugs"}, {"name": "fedora-contributor"}, {"name": "packaging-committee"}, {"name": "pantheon-sig"}, {"name": "multimedia-sig"}, {"name": "ipausers"}, {"name": "libreoffice-sig"}, {"name": "rust-sig"}, {"name": "diversity-pride"}, {"name": "signed_fpca"}, {"name": "cosmic-sig"}, {"name": "trust admins"}, {"name": "fesco"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'waiting'.", "timestamp": "2024-02-14 00:05:00", "update_id": 588935, "user_id": 91, "id": 3407803, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2024-02-14 00:05:14", "update_id": 588935, "user_id": 91, "id": 3407804, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by bodhi. ", "timestamp": "2024-02-14 00:17:23", "update_id": 588935, "user_id": 91, "id": 3407817, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2024-02-14 02:11:55", "update_id": 588935, "user_id": 91, "id": 3408123, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-02-14 13:13:29", "update_id": 588935, "user_id": 4120, "id": 3408653, "bug_feedback": [{"karma": 0, "comment_id": 3408653, "bug_id": 2263100, "bug": {"bug_id": 2263100, "title": "TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 3408653, "bug_id": 2263105, "bug": {"bug_id": 2263105, "title": "TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}, {"name": "trust admins"}]}}, {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-02-16 10:17:22", "update_id": 588935, "user_id": 2240, "id": 3411867, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "frantisekz", "email": "fzatlouk@redhat.com", "id": 2240, "avatar": "https://seccdn.libravatar.org/avatar/665c5bc41bed444bc5fc8ea32da393449791968f9398dbe8ca045576e0ec52d3?s=24&d=retro", "openid": "frantisekz.id.stg.fedoraproject.org", "groups": [{"name": "qa-tools-sig"}, {"name": "qa"}, {"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "sysadmin"}, {"name": "ambassadors"}, {"name": "sysadmin-qa"}, {"name": "advocates"}, {"name": "qa-admin"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update can be pushed to stable now if the maintainer wishes", "timestamp": "2024-02-16 10:18:25", "update_id": 588935, "user_id": 91, "id": 3411875, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "prints files correctly", "timestamp": "2024-02-19 08:15:59", "update_id": 588935, "user_id": 411, "id": 3415827, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "kparal", "email": "kparal@redhat.com", "id": 411, "avatar": "https://seccdn.libravatar.org/avatar/5da027c64997c654044c3d0fdefea4cde1b5cea73f8ecfca77af48e2ba5ed772?s=24&d=retro", "openid": "kparal.id.stg.fedoraproject.org", "groups": [{"name": "qa-tools-sig"}, {"name": "proventesters"}, {"name": "qa"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "qa-admin"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2024-02-19 08:15:59", "update_id": 588935, "user_id": 91, "id": 3415828, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2024-02-20 01:40:02", "update_id": 588935, "user_id": 91, "id": 3417079, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "rust-asyncgit-0.24.3-3.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-bat-0.24.0-3.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-cargo-c-0.9.28-4.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-eza-0.17.3-2.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-git2-0.18.2-1.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-git-absorb-0.6.11-3.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-git-delta-0.16.5-9.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-gitui-0.24.3-4.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-libgit2-sys-0.16.2-1.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-lsd-1.0.0-3.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-pore-0.1.10-3.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-pretty-git-prompt-0.2.1-20.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-shadow-rs-0.8.1-8.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-silver-2.0.1-7.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-tokei-12.1.2-8.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}, {"nvr": "rust-vergen-5.1.17-8.fc39", "signed": true, "release_id": 70, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 2263100, "title": "TRIAGE CVE-2024-24577 rust-libgit2-sys: libgit2: arbitrary code execution due to heap corruption in git_index_add [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 3408653, "bug_id": 2263100, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-02-14 13:13:29", "update_id": 588935, "user_id": 4120, "id": 3408653, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}, {"name": "trust admins"}]}}}]}, {"bug_id": 2263105, "title": "TRIAGE CVE-2024-24575 rust-libgit2-sys: libgit2: potential infiniate loop condition in git_revparse_single [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 3408653, "bug_id": 2263105, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-02-14 13:13:29", "update_id": 588935, "user_id": 4120, "id": 3408653, "testcase_feedback": [], "user": {"name": "atim", "email": "ego.cordatus@gmail.com", "id": 4120, "avatar": "https://seccdn.libravatar.org/avatar/8c3a317a13d88ca7421098b94cce0501c97ca2283e7139c4992df34f6218fb3b?s=24&d=retro", "openid": "atim.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "rust-sig"}, {"name": "trust admins"}]}}}]}], "updateid": "FEDORA-2024-8ba389815f", "karma": 3, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}