eclipse-sig April 2021

eclipse-sig@lists.fedoraproject.org

1 participants
50 discussions

[Bug 1895560] New: not support for java 11
by bugzilla＠redhat.com 23 Apr '21

23 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1895560 Bug ID: 1895560 Summary: not support for java 11 Product: Fedora Version: 32 Hardware: x86_64 OS: Linux Status: NEW Component: eclipse Severity: medium Assignee: mat.booth(a)redhat.com Reporter: flydove(a)qq.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, andjrobins(a)gmail.com, dbhole(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)redhat.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora Created attachment 1727315 --> https://bugzilla.redhat.com/attachment.cgi?id=1727315&action=edit Eclipse not found java 11 eclipse Bad start java 11 and Good Runing using java 1.8.x -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1944890] New: CVE-2021-21409 eclipse: netty: Request smuggling via content-length header [fedora-all]
by bugzilla＠redhat.com 23 Apr '21

23 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1944890 Bug ID: 1944890 Summary: CVE-2021-21409 eclipse: netty: Request smuggling via content-length header [fedora-all] Product: Fedora Version: 33 Status: NEW Component: eclipse Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mat.booth(a)gmail.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, andjrobins(a)gmail.com, dbhole(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)gmail.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1937446] New: CVE-2020-13959 eclipse: velocity: XSS in the default error page for VelocityView [fedora-all]
by bugzilla＠redhat.com 23 Apr '21

23 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1937446 Bug ID: 1937446 Summary: CVE-2020-13959 eclipse: velocity: XSS in the default error page for VelocityView [fedora-all] Product: Fedora Version: 33 Status: NEW Component: eclipse Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mat.booth(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, andjrobins(a)gmail.com, dbhole(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)redhat.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1937442] New: CVE-2020-13936 eclipse: velocity: arbitrary code execution when attacker is able to modify templates [fedora-all]
by bugzilla＠redhat.com 23 Apr '21

23 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1937442 Bug ID: 1937442 Summary: CVE-2020-13936 eclipse: velocity: arbitrary code execution when attacker is able to modify templates [fedora-all] Product: Fedora Version: 33 Status: NEW Component: eclipse Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mat.booth(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, andjrobins(a)gmail.com, dbhole(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)redhat.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1937366] New: CVE-2021-21295 eclipse: netty: possible request smuggling in HTTP/2 due missing validation [fedora-all]
by bugzilla＠redhat.com 23 Apr '21

23 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1937366 Bug ID: 1937366 Summary: CVE-2021-21295 eclipse: netty: possible request smuggling in HTTP/2 due missing validation [fedora-all] Product: Fedora Version: 33 Status: NEW Component: eclipse Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mat.booth(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, andjrobins(a)gmail.com, dbhole(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)redhat.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1934117] New: CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS [fedora-all]
by bugzilla＠redhat.com 21 Apr '21

21 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1934117 Bug ID: 1934117 Summary: CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS [fedora-all] Product: Fedora Version: 33 Status: NEW Component: jetty Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mat.booth(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com, mat.booth(a)redhat.com, mizdebsk(a)redhat.com, sochotni(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1902827] New: CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation [fedora-all]
by bugzilla＠redhat.com 21 Apr '21

21 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1902827 Bug ID: 1902827 Summary: CVE-2020-27218 jetty: buffer not correctly recycled in Gzip Request inflation [fedora-all] Product: Fedora Version: 33 Status: NEW Component: jetty Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mat.booth(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com, mat.booth(a)redhat.com, mizdebsk(a)redhat.com, sochotni(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1933810] New: CVE-2020-11987 eclipse: batik: SSRF due to improper input validation by the NodePickerPanel [fedora-all]
by bugzilla＠redhat.com 16 Apr '21

16 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1933810 Bug ID: 1933810 Summary: CVE-2020-11987 eclipse: batik: SSRF due to improper input validation by the NodePickerPanel [fedora-all] Product: Fedora Version: 33 Status: NEW Component: eclipse Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mat.booth(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, andjrobins(a)gmail.com, dbhole(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)redhat.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1873489] New: Xorg/Wayland crash on os.kill(0, 15) executed from eclipse python debugger
by bugzilla＠redhat.com 08 Apr '21

08 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1873489 Bug ID: 1873489 Summary: Xorg/Wayland crash on os.kill(0, 15) executed from eclipse python debugger Product: Fedora Version: 32 Status: NEW Component: eclipse-pydev Assignee: mat.booth(a)redhat.com Reporter: ldoktor(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, jjohnstn(a)redhat.com, mat.booth(a)redhat.com Target Milestone: --- Classification: Fedora Description of problem: When debugging certain app I got Wayland crashes, then reproduced it on Xorg as well. Simplest reproduction I got to is to create a file that executes "os.kill(0, 15)" and run/debug it from eclipse. Version-Release number of selected component (if applicable): eclipse-equinox-osgi-4.14-5.fc32.x86_64 eclipse-jgit-5.6.0-2.fc32.noarch eclipse-jdt-4.14-5.fc32.noarch eclipse-pydev-7.7.0-1.fc32.x86_64 eclipse-egit-5.6.0-2.fc32.noarch eclipse-swt-4.14-5.fc32.x86_64 eclipse-ecf-core-3.14.6-4.fc32.noarch eclipse-platform-4.14-5.fc32.x86_64 eclipse-emf-core-2.20.0-5.fc32.noarch libwayland-egl-1.18.0-1.fc32.i686 libwayland-server-1.18.0-1.fc32.x86_64 xorg-x11-server-Xwayland-1.20.8-1.fc32.x86_64 qt5-qtwayland-5.14.2-4.fc32.x86_64 gnome-session-wayland-session-3.36.0-2.fc32.x86_64 xorg-x11-server-Xorg-1.20.8-1.fc32.x86_64 How reproducible: Always Steps to Reproduce: 1. create a python file with "import os; os.kill(0, 15)" 2. select "Run As"->"Python Run" Actual results: Eclipse crashes and Wayland/Xorg as well (Xorg restarts, Wayland stays dead) Expected results: Ideally Eclipse should stay unaffected but at least it'd be nice if Wayland/Xorg survived. Additional info: It also works when I start debugging any script and manually execute the "os.kill(0, 15)" from the pydev console. On the other hand everything works well when the process is started elsewhere and pydev is only accessed via "import pydevd; pydevd.settrace("127.0.0.1", True, True)" directly from the script (execution only kills the python process, Eclipse as well as Wayland/Xorg survives) -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1480900] Opening git project from a `git worktree` directory fails
by bugzilla＠redhat.com 08 Apr '21

08 Apr '21

https://bugzilla.redhat.com/show_bug.cgi?id=1480900 Alexander Kurtakov <akurtako(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED CC| |akurtako(a)redhat.com Resolution|--- |UPSTREAM Last Closed| |2021-04-08 10:08:12 --- Comment #2 from Alexander Kurtakov <akurtako(a)redhat.com> --- This bug is from F26 and so many things changed since then but upstream hasn't acted on this one. It will be part of fedora when upstream supports it so no point in this bug. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

eclipse-sig April 2021