{"update": {"autokarma": false, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": false, "require_testcases": false, "display_name": "", "notes": "Part of the SFTP handshake involves \"extensions\", which are key/value pairs,\ncomprised of strings. In SSH, strings are encoded for network transport as a\n32-bit length, followed by the bytes. The mod_sftp module currently places no bounds/length limitations when reading these SFTP extension key/value data from the network. A malicious attacker might attempt to encode large values, and allocate more memory than is necessary, causing excessive resource usage or the FTP daemon to crash.\n\nThis update limits the amount of memory allocated to handle these extensions.", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2015-12-01 17:22:34", "date_modified": null, "date_approved": null, "date_testing": "2015-12-03 04:01:01", "date_stable": "2015-12-18 04:56:15", "alias": "FEDORA-EPEL-2015-0ec0c87b3a", "test_gating_status": null, "from_tag": null, "date_pushed": "2015-12-18 04:56:15", "meets_testing_requirements": false, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-EPEL-2015-0ec0c87b3a", "title": "proftpd-1.3.5a-2.el7", "version_hash": "f1c0d6c2c11a5f1e71432b8464d2358a4f1eb65a", "release": {"name": "EPEL-7", "long_name": "Fedora EPEL 7", "version": "7", "id_prefix": "FEDORA-EPEL", "branch": "epel7", "dist_tag": "epel7", "stable_tag": "epel7", "testing_tag": "epel7-testing", "candidate_tag": "epel7-testing-candidate", "pending_signing_tag": "epel7-signing-pending", "pending_testing_tag": "epel7-testing-pending", "pending_stable_tag": "epel7-pending", "override_tag": "epel7-override", "mail_template": "fedora_epel_legacy_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "unspecified", "testing_repository": null, "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "pghmcfc", "email": "paul@city-fan.org", "id": 165, "avatar": "https://seccdn.libravatar.org/avatar/e6d92d9d894db58d2c7e8c1a627b669f062f35ef31fdaa8d8c7b57068b2416e1?s=24&d=retro", "openid": "pghmcfc.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "perl-maint-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by pghmcfc. ", "timestamp": "2015-12-01 17:22:34", "update_id": 45875, "user_id": 91, "id": 360073, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2015-12-03 04:21:05", "update_id": 45875, "user_id": 91, "id": 360649, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2015-12-17 06:00:10", "update_id": 45875, "user_id": 91, "id": 367211, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by pghmcfc. ", "timestamp": "2015-12-17 08:48:23", "update_id": 45875, "user_id": 91, "id": 367343, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2015-12-18 07:26:14", "update_id": 45875, "user_id": 91, "id": 367796, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "proftpd-1.3.5a-2.el7", "signed": true, "release_id": 8, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1286977, "title": "proftpd: unbounded SFTP extended attribute key/values", "security": true, "parent": true, "feedback": []}, {"bug_id": 1286979, "title": "proftpd: unbounded SFTP extended attribute key/values [epel-all]", "security": true, "parent": false, "feedback": []}], "updateid": "FEDORA-EPEL-2015-0ec0c87b3a", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}