{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": false, "require_testcases": true, "display_name": "", "notes": "Security fix for CVE-2017-12102, CVE-2017-12103, CVE-2017-12104, CVE-2017-12081, CVE-2017-12082, CVE-2017-12086,  CVE-2017-12099, CVE-2017-12100, CVE-2017-12101, CVE-2017-12105, CVE-2017-2908, CVE-2017-2899, CVE-2017-2900, fix CVE-2017-2901, CVE-2017-2902, CVE-2017-2903, CVE-2017-2904, CVE-2017-2905, CVE-2017-2906, CVE-2017-2907, CVE-2017-2918.\n\nIncludes manual backports of the following upstream commits:\n\n\n- a6700362 \u201cMemory: add MEM_malloc_arrayN() function to protect against overflow.\u201d\n- d30cc1ea \u201cFix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading.\u201d\n- 07aed40 \u201cFix buffer overflow vulernability in thumbnail file reading.\u201d\n- e6df028 \u201cFix buffer overflow vulnerabilities in mesh code.\u201d\n- e6df028 \u201cFix buffer overflow vulnerability in curve, font, particles code.\u201d", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2022-04-08 13:58:11", "date_modified": null, "date_approved": null, "date_testing": "2022-04-08 20:37:30", "date_stable": "2022-04-17 22:08:47", "alias": "FEDORA-EPEL-2022-4a24f39c87", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2022-04-17 22:08:47", "meets_testing_requirements": true, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-EPEL-2022-4a24f39c87", "title": "blender-2.68a-9.el7", "version_hash": "736be87b17fa036eab51daedede5b102944ee6fe", "release": {"name": "EPEL-7", "long_name": "Fedora EPEL 7", "version": "7", "id_prefix": "FEDORA-EPEL", "branch": "epel7", "dist_tag": "epel7", "stable_tag": "epel7", "testing_tag": "epel7-testing", "candidate_tag": "epel7-testing-candidate", "pending_signing_tag": "epel7-signing-pending", "pending_testing_tag": "epel7-testing-pending", "pending_stable_tag": "epel7-pending", "override_tag": "epel7-override", "mail_template": "fedora_epel_legacy_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "unspecified", "testing_repository": null, "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "music", "email": "code@musicinmybrain.net", "id": 5936, "avatar": "https://seccdn.libravatar.org/avatar/cbba028ab32ef1c5c6bfa001d27d8e20aa2821bab34f8a9914a71c6eb18a873c?s=24&d=retro", "openid": "music.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "python-sig"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "neuro-sig"}, {"name": "rust-sig"}, {"name": "python-packagers-sig"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by music. ", "timestamp": "2022-04-08 13:58:12", "update_id": 392768, "user_id": 91, "id": 2472917, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2022-04-08 13:58:12", "update_id": 392768, "user_id": 91, "id": 2472918, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2022-04-08 20:38:21", "update_id": 392768, "user_id": 91, "id": 2473313, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. ", "timestamp": "2022-04-15 20:38:56", "update_id": 392768, "user_id": 91, "id": 2491060, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2022-04-17 22:10:54", "update_id": 392768, "user_id": 91, "id": 2492100, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "blender-2.68a-9.el7", "signed": true, "release_id": 8, "type": "rpm", "epoch": 1}], "bugs": [{"bug_id": 1571612, "title": "CVE-2017-12086 blender: Integer overflow in BKE_mesh_calc_normals_tessface potentially leading to code execution [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610813, "title": "CVE-2017-2899 blender: Integer Overflow in imb_loadtiff [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610816, "title": "CVE-2017-2900 blender: Integer Overflow in IMB_ibImageFromMemory [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610819, "title": "CVE-2017-2901 blender: Integer Overflow in imb_loadiris [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610822, "title": "CVE-2017-2902 blender: Integer Overflow in DPX loading [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610824, "title": "CVE-2017-2903 blender: Integer Overflow in logImageOpenFromMemory [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610827, "title": "CVE-2017-2904 blender: Integer Overflow in the RADIANCE loading functionality [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610829, "title": "CVE-2017-2905 blender: Integer Overflow in the bmp loading functionality [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610832, "title": "CVE-2017-2906 blender: Integer Overflow in the animation playing functionality [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610834, "title": "CVE-2017-2907 blender: Integer Overflow in the animation playing functionality [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610836, "title": "CVE-2017-2908 blender: Integer Overflow in the thumbnail functionality [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610840, "title": "CVE-2017-12105 blender: Integer Overflow in the BKE_mesh_vertexCos_get function [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610843, "title": "CVE-2017-2918 blender: Integer Overflow in the Image loading functionality [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610846, "title": "CVE-2017-12104 blender: Integer Overflow when it draws a Particle object [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610848, "title": "CVE-2017-12103 blender: Integer Overflow when it converts text rendered as a font into a curve [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610851, "title": "CVE-2017-12102 blender: Integer Overflow when it converts converts curves to polygons [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610856, "title": "CVE-2017-12101 blender: Integer Overflow in the modifier_mdef_compact_influences functionality [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610858, "title": "CVE-2017-12100 blender: Integer Overflow in the multires_load_old_dm functionality [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610860, "title": "CVE-2017-12099 blender: Integer Overflow in the legacy Mesh attribute tface [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610862, "title": "CVE-2017-12082 blender: Integer Overflow in the CustomData Mesh loading functionality [epel-7]", "security": true, "parent": false, "feedback": []}, {"bug_id": 1610865, "title": "CVE-2017-12081 blender: Integer Overflow in the upgrade of a legacy Mesh attribute [epel-7]", "security": true, "parent": false, "feedback": []}], "updateid": "FEDORA-EPEL-2022-4a24f39c87", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}