https://bugzilla.redhat.com/show_bug.cgi?id=1895560
Bug ID: 1895560
Summary: not support for java 11
Product: Fedora
Version: 32
Hardware: x86_64
OS: Linux
Status: NEW
Component: eclipse
Severity: medium
Assignee: mat.booth(a)redhat.com
Reporter: flydove(a)qq.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Created attachment 1727315
--> https://bugzilla.redhat.com/attachment.cgi?id=1727315&action=edit
Eclipse not found java 11
eclipse Bad start java 11 and Good Runing using java 1.8.x
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1944890
Bug ID: 1944890
Summary: CVE-2021-21409 eclipse: netty: Request smuggling via
content-length header [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: eclipse
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)gmail.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)gmail.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1937446
Bug ID: 1937446
Summary: CVE-2020-13959 eclipse: velocity: XSS in the default
error page for VelocityView [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: eclipse
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1937442
Bug ID: 1937442
Summary: CVE-2020-13936 eclipse: velocity: arbitrary code
execution when attacker is able to modify templates
[fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: eclipse
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: mat.booth(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1937366
Bug ID: 1937366
Summary: CVE-2021-21295 eclipse: netty: possible request
smuggling in HTTP/2 due missing validation
[fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: eclipse
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1934117
Bug ID: 1934117
Summary: CVE-2020-27223 jetty: request containing multiple
Accept headers with a large number of "quality"
parameters may lead to DoS [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: jetty
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com,
sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1902827
Bug ID: 1902827
Summary: CVE-2020-27218 jetty: buffer not correctly recycled in
Gzip Request inflation [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: jetty
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com,
sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1933810
Bug ID: 1933810
Summary: CVE-2020-11987 eclipse: batik: SSRF due to improper
input validation by the NodePickerPanel [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: eclipse
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1873489
Bug ID: 1873489
Summary: Xorg/Wayland crash on os.kill(0, 15) executed from
eclipse python debugger
Product: Fedora
Version: 32
Status: NEW
Component: eclipse-pydev
Assignee: mat.booth(a)redhat.com
Reporter: ldoktor(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, mat.booth(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
When debugging certain app I got Wayland crashes, then reproduced it on Xorg as
well. Simplest reproduction I got to is to create a file that executes
"os.kill(0, 15)" and run/debug it from eclipse.
Version-Release number of selected component (if applicable):
eclipse-equinox-osgi-4.14-5.fc32.x86_64
eclipse-jgit-5.6.0-2.fc32.noarch
eclipse-jdt-4.14-5.fc32.noarch
eclipse-pydev-7.7.0-1.fc32.x86_64
eclipse-egit-5.6.0-2.fc32.noarch
eclipse-swt-4.14-5.fc32.x86_64
eclipse-ecf-core-3.14.6-4.fc32.noarch
eclipse-platform-4.14-5.fc32.x86_64
eclipse-emf-core-2.20.0-5.fc32.noarch
libwayland-egl-1.18.0-1.fc32.i686
libwayland-server-1.18.0-1.fc32.x86_64
xorg-x11-server-Xwayland-1.20.8-1.fc32.x86_64
qt5-qtwayland-5.14.2-4.fc32.x86_64
gnome-session-wayland-session-3.36.0-2.fc32.x86_64
xorg-x11-server-Xorg-1.20.8-1.fc32.x86_64
How reproducible:
Always
Steps to Reproduce:
1. create a python file with "import os; os.kill(0, 15)"
2. select "Run As"->"Python Run"
Actual results:
Eclipse crashes and Wayland/Xorg as well (Xorg restarts, Wayland stays dead)
Expected results:
Ideally Eclipse should stay unaffected but at least it'd be nice if
Wayland/Xorg survived.
Additional info:
It also works when I start debugging any script and manually execute the
"os.kill(0, 15)" from the pydev console. On the other hand everything works
well when the process is started elsewhere and pydev is only accessed via
"import pydevd; pydevd.settrace("127.0.0.1", True, True)" directly from the
script (execution only kills the python process, Eclipse as well as
Wayland/Xorg survives)
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1480900
Alexander Kurtakov <akurtako(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |CLOSED
CC| |akurtako(a)redhat.com
Resolution|--- |UPSTREAM
Last Closed| |2021-04-08 10:08:12
--- Comment #2 from Alexander Kurtakov <akurtako(a)redhat.com> ---
This bug is from F26 and so many things changed since then but upstream hasn't
acted on this one. It will be part of fedora when upstream supports it so no
point in this bug.
--
You are receiving this mail because:
You are on the CC list for the bug.