{"update": {"autokarma": true, "autotime": false, "stable_karma": 1, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "ClamAV 0.100.3\n==============\n\nClamAV 0.100.3 is a patch release to address a few security related bugs.\n\nThis patch release is being released alongside the 0.101.2 patch so that users who are unable to upgrade to 0.101 due to libclamav API changes are protected.\n\nThe bug fixes in this release are limited to security-related bugs only. Users are encouraged to upgrade to 0.101.2 for additional improvements.\n\n- Fixes for the following vulnerabilities:\n  - CVE-2019-1787:\n    An out-of-bounds heap read condition may occur when scanning PDF\n    documents. The defect is a failure to correctly keep track of the number\n    of bytes remaining in a buffer when indexing file data.\n  - CVE-2019-1789:\n    An out-of-bounds heap read condition may occur when scanning PE files\n    (i.e. Windows EXE and DLL files) that have been packed using Aspack as a\n    result of inadequate bound-checking.\n  - CVE-2019-1788:\n    An out-of-bounds heap write condition may occur when scanning OLE2 files\n    such as Microsoft Office 97-2003 documents. The invalid write happens when\n    an invalid pointer is mistakenly used to initialize a 32bit integer to\n    zero. This is likely to crash the application.\n\nThank you to the Google OSS-Fuzz project for identifying and reporting the bugs patched in this release.\n\n", "type": "security", "status": "stable", "request": null, "severity": "high", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2019-04-04 22:37:38", "date_modified": "2019-04-05 03:09:45", "date_approved": null, "date_testing": "2019-04-05 02:57:11", "date_stable": "2019-04-09 01:03:28", "alias": "FEDORA-EPEL-2019-9c8cf7e4be", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2019-04-09 01:03:28", "meets_testing_requirements": true, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-EPEL-2019-9c8cf7e4be", "title": "clamav-0.100.3-1.el6", "version_hash": "5b45dec59dee6e18bd2249b8e468081ae5b9c172", "release": {"name": "EL-6", "long_name": "Fedora EPEL 6", "version": "6", "id_prefix": "FEDORA-EPEL", "branch": "el6", "dist_tag": "dist-6E-epel", "stable_tag": "dist-6E-epel", "testing_tag": "dist-6E-epel-testing", "candidate_tag": "dist-6E-epel-testing-candidate", "pending_signing_tag": "", "pending_testing_tag": "", "pending_stable_tag": "", "override_tag": "dist-6E-epel-override", "mail_template": "fedora_epel_legacy_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "unspecified", "testing_repository": null, "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "robert", "email": "redhat@linuxnetz.de", "id": 172, "avatar": "https://seccdn.libravatar.org/avatar/5ce2f7b6de1c95bdf5b1d0f117f568f9955a164c0916ea7552b5db21bf3e689a?s=24&d=retro", "openid": "robert.id.stg.fedoraproject.org", "groups": [{"name": "proventesters"}, {"name": "provenpackager"}, {"name": "packager"}, {"name": "ipausers"}, {"name": "ambassadors"}, {"name": "campusambassadors"}, {"name": "gitfedora-web"}, {"name": "fedora-contributor"}, {"name": "advocates"}, {"name": "fedorabugs"}, {"name": "gitsecurity-spin"}, {"name": "signed_fpca"}, {"name": "gitfama"}, {"name": "epel-packagers-sig"}, {"name": "web"}, {"name": "clamav"}, {"name": "trust admins"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by robert. ", "timestamp": "2019-04-04 22:37:38", "update_id": 135871, "user_id": 91, "id": 922399, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "robert edited this update.", "timestamp": "2019-04-04 22:40:19", "update_id": 135871, "user_id": 91, "id": 922400, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2019-04-05 02:57:18", "update_id": 135871, "user_id": 91, "id": 922589, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "sergiomb edited this update.", "timestamp": "2019-04-05 03:09:44", "update_id": 135871, "user_id": 91, "id": 922593, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2019-04-08 08:38:01", "update_id": 135871, "user_id": 468, "id": 924322, "bug_feedback": [{"karma": 0, "comment_id": 924322, "bug_id": 1694098, "bug": {"bug_id": 1694098, "title": "Update clamav to current version", "security": false, "parent": false}}, {"karma": 0, "comment_id": 924322, "bug_id": 1696106, "bug": {"bug_id": 1696106, "title": "CVE-2019-1787 clamav: out-of-bounds heap read when scanning PDF documents", "security": true, "parent": true}}, {"karma": 0, "comment_id": 924322, "bug_id": 1696110, "bug": {"bug_id": 1696110, "title": "CVE-2019-1789 clamav: out-of-bounds heap read when scanning PE files", "security": true, "parent": true}}, {"karma": 0, "comment_id": 924322, "bug_id": 1696116, "bug": {"bug_id": 1696116, "title": "CVE-2019-1788 clamav: out-of-bounds heap write when scanning OLE2 files", "security": true, "parent": true}}, {"karma": 0, "comment_id": 924322, "bug_id": 1696146, "bug": {"bug_id": 1696146, "title": "CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [epel-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 924322, "bug_id": 1696391, "bug": {"bug_id": 1696391, "title": "push 0.101.2 to stable now.. to fix RCE vulnerability in < 0.101.2", "security": false, "parent": false}}], "testcase_feedback": [{"karma": 0, "comment_id": 924322, "testcase_id": 245, "testcase": {"name": "QA:Testcase ClamAV", "id": 245}}], "user": {"name": "kwizart", "email": "kwizart@gmail.com", "id": 468, "avatar": "https://seccdn.libravatar.org/avatar/0287f4cda13f0a0fa5d8f1c5fd31409ebdc4daf396b43be6866e307786f4f3c4?s=24&d=retro", "openid": "kwizart.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "web"}, {"name": "ask-fedora"}, {"name": "trust admins"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for batched by bodhi. ", "timestamp": "2019-04-08 08:38:01", "update_id": 135871, "user_id": 91, "id": 924323, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2019-04-08 23:47:24", "update_id": 135871, "user_id": 91, "id": 924825, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2019-04-09 01:03:50", "update_id": 135871, "user_id": 91, "id": 924930, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "clamav-0.100.3-1.el6", "signed": true, "release_id": 10, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1694098, "title": "Update clamav to current version", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 924322, "bug_id": 1694098, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2019-04-08 08:38:01", "update_id": 135871, "user_id": 468, "id": 924322, "testcase_feedback": [{"karma": 0, "comment_id": 924322, "testcase_id": 245, "testcase": {"name": "QA:Testcase ClamAV", "id": 245}}], "user": {"name": "kwizart", "email": "kwizart@gmail.com", "id": 468, "avatar": "https://seccdn.libravatar.org/avatar/0287f4cda13f0a0fa5d8f1c5fd31409ebdc4daf396b43be6866e307786f4f3c4?s=24&d=retro", "openid": "kwizart.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "web"}, {"name": "ask-fedora"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1696106, "title": "CVE-2019-1787 clamav: out-of-bounds heap read when scanning PDF documents", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 924322, "bug_id": 1696106, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2019-04-08 08:38:01", "update_id": 135871, "user_id": 468, "id": 924322, "testcase_feedback": [{"karma": 0, "comment_id": 924322, "testcase_id": 245, "testcase": {"name": "QA:Testcase ClamAV", "id": 245}}], "user": {"name": "kwizart", "email": "kwizart@gmail.com", "id": 468, "avatar": "https://seccdn.libravatar.org/avatar/0287f4cda13f0a0fa5d8f1c5fd31409ebdc4daf396b43be6866e307786f4f3c4?s=24&d=retro", "openid": "kwizart.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "web"}, {"name": "ask-fedora"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1696110, "title": "CVE-2019-1789 clamav: out-of-bounds heap read when scanning PE files", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 924322, "bug_id": 1696110, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2019-04-08 08:38:01", "update_id": 135871, "user_id": 468, "id": 924322, "testcase_feedback": [{"karma": 0, "comment_id": 924322, "testcase_id": 245, "testcase": {"name": "QA:Testcase ClamAV", "id": 245}}], "user": {"name": "kwizart", "email": "kwizart@gmail.com", "id": 468, "avatar": "https://seccdn.libravatar.org/avatar/0287f4cda13f0a0fa5d8f1c5fd31409ebdc4daf396b43be6866e307786f4f3c4?s=24&d=retro", "openid": "kwizart.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "web"}, {"name": "ask-fedora"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1696116, "title": "CVE-2019-1788 clamav: out-of-bounds heap write when scanning OLE2 files", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 924322, "bug_id": 1696116, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2019-04-08 08:38:01", "update_id": 135871, "user_id": 468, "id": 924322, "testcase_feedback": [{"karma": 0, "comment_id": 924322, "testcase_id": 245, "testcase": {"name": "QA:Testcase ClamAV", "id": 245}}], "user": {"name": "kwizart", "email": "kwizart@gmail.com", "id": 468, "avatar": "https://seccdn.libravatar.org/avatar/0287f4cda13f0a0fa5d8f1c5fd31409ebdc4daf396b43be6866e307786f4f3c4?s=24&d=retro", "openid": "kwizart.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "web"}, {"name": "ask-fedora"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1696146, "title": "CVE-2019-1785 CVE-2019-1786 CVE-2019-1787 CVE-2019-1788 CVE-2019-1789 CVE-2019-1798 clamav: various flaws [epel-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 924322, "bug_id": 1696146, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2019-04-08 08:38:01", "update_id": 135871, "user_id": 468, "id": 924322, "testcase_feedback": [{"karma": 0, "comment_id": 924322, "testcase_id": 245, "testcase": {"name": "QA:Testcase ClamAV", "id": 245}}], "user": {"name": "kwizart", "email": "kwizart@gmail.com", "id": 468, "avatar": "https://seccdn.libravatar.org/avatar/0287f4cda13f0a0fa5d8f1c5fd31409ebdc4daf396b43be6866e307786f4f3c4?s=24&d=retro", "openid": "kwizart.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "web"}, {"name": "ask-fedora"}, {"name": "trust admins"}]}}}]}, {"bug_id": 1696391, "title": "push 0.101.2 to stable now.. to fix RCE vulnerability in < 0.101.2", "security": false, "parent": false, "feedback": [{"karma": 0, "comment_id": 924322, "bug_id": 1696391, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2019-04-08 08:38:01", "update_id": 135871, "user_id": 468, "id": 924322, "testcase_feedback": [{"karma": 0, "comment_id": 924322, "testcase_id": 245, "testcase": {"name": "QA:Testcase ClamAV", "id": 245}}], "user": {"name": "kwizart", "email": "kwizart@gmail.com", "id": 468, "avatar": "https://seccdn.libravatar.org/avatar/0287f4cda13f0a0fa5d8f1c5fd31409ebdc4daf396b43be6866e307786f4f3c4?s=24&d=retro", "openid": "kwizart.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "ambassadors"}, {"name": "web"}, {"name": "ask-fedora"}, {"name": "trust admins"}]}}}]}], "updateid": "FEDORA-EPEL-2019-9c8cf7e4be", "karma": 1, "content_type": "rpm", "test_cases": [{"name": "QA:Testcase ClamAV", "id": 245}]}, "can_edit": false, "ci_allowed": false}