[Bug 1933810] New: CVE-2020-11987 eclipse: batik: SSRF due to improper input validation by the NodePickerPanel [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1933810
Bug ID: 1933810
Summary: CVE-2020-11987 eclipse: batik: SSRF due to improper
input validation by the NodePickerPanel [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: eclipse
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug 1873489] New: Xorg/Wayland crash on os.kill(0, 15) executed from eclipse python debugger
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1873489
Bug ID: 1873489
Summary: Xorg/Wayland crash on os.kill(0, 15) executed from
eclipse python debugger
Product: Fedora
Version: 32
Status: NEW
Component: eclipse-pydev
Assignee: mat.booth(a)redhat.com
Reporter: ldoktor(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, mat.booth(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
When debugging a certain app I got Wayland crashes, then reproduced it on Xorg as
well. The simplest reproduction I got to is to create a file that executes
"os.kill(0, 15)" and run/debug it from eclipse.
Version-Release number of selected component (if applicable):
eclipse-equinox-osgi-4.14-5.fc32.x86_64
eclipse-jgit-5.6.0-2.fc32.noarch
eclipse-jdt-4.14-5.fc32.noarch
eclipse-pydev-7.7.0-1.fc32.x86_64
eclipse-egit-5.6.0-2.fc32.noarch
eclipse-swt-4.14-5.fc32.x86_64
eclipse-ecf-core-3.14.6-4.fc32.noarch
eclipse-platform-4.14-5.fc32.x86_64
eclipse-emf-core-2.20.0-5.fc32.noarch
libwayland-egl-1.18.0-1.fc32.i686
libwayland-server-1.18.0-1.fc32.x86_64
xorg-x11-server-Xwayland-1.20.8-1.fc32.x86_64
qt5-qtwayland-5.14.2-4.fc32.x86_64
gnome-session-wayland-session-3.36.0-2.fc32.x86_64
xorg-x11-server-Xorg-1.20.8-1.fc32.x86_64
How reproducible:
Always
Steps to Reproduce:
1. create a python file with "import os; os.kill(0, 15)"
2. select "Run As"->"Python Run"
Actual results:
Eclipse crashes and Wayland/Xorg as well (Xorg restarts, Wayland stays dead)
Expected results:
Ideally Eclipse should stay unaffected but at least it'd be nice if
Wayland/Xorg survived.
Additional info:
It also works when I start debugging any script and manually execute the
"os.kill(0, 15)" from the pydev console. On the other hand everything works
well when the process is started elsewhere and pydev is only accessed via
"import pydevd; pydevd.settrace("127.0.0.1", True, True)" directly from the
script (execution only kills the python process, Eclipse as well as
Wayland/Xorg survives)
[Bug 1939630] New: CVE-2020-27225 eclipse: Help Subsystem does not authenticate active help requests
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1939630
Bug ID: 1939630
Summary: CVE-2020-27225 eclipse: Help Subsystem does not
authenticate active help requests
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
mcermak(a)redhat.com, mprchlik(a)redhat.com,
patrickm(a)redhat.com, rgrunber(a)redhat.com,
vkadlcik(a)redhat.com
Target Milestone: ---
Classification: Other
In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does
not authenticate active help requests to the local help web server, allowing an
unauthenticated local attacker to issue active help commands to the associated
Eclipse Platform process or Eclipse Rich Client Platform process.
References:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=569855
[Bug 1939631] New: CVE-2020-27225 eclipse: Help Subsystem does not authenticate active help requests [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1939631
Bug ID: 1939631
Summary: CVE-2020-27225 eclipse: Help Subsystem does not
authenticate active help requests [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: eclipse
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)redhat.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[Bug 1910322] New: subclipse(Eclipse?) does not keep passwords save
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1910322
Bug ID: 1910322
Summary: subclipse(Eclipse?) does not keep passwords save
Product: Fedora
Version: 33
Hardware: x86_64
OS: Linux
Status: NEW
Component: eclipse-subclipse
Severity: high
Assignee: mat.booth(a)redhat.com
Reporter: peljasz(a)yahoo.co.uk
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com, mat.booth(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Connecting to a remote SVN http repo gets a prompt for user+password but those
are not kept by Eclipse even during the span of the same session.
Browsing an SVN repo renders a user+passw prompt with each folder/file, which was
not the case until a while ago.
Version-Release number of selected component (if applicable):
eclipse-subclipse-4.3.0-8.fc33.noarch
eclipse-platform-4.17-4.fc33.x86_64
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
[Bug 1897901] New: [abrt] eclipse-pydev: module(): __init__.py:51:<module>:AttributeError: module 'importlib._bootstrap_external' has no attribute '_w_long'
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1897901
Bug ID: 1897901
Summary: [abrt] eclipse-pydev: module():
__init__.py:51:<module>:AttributeError: module
'importlib._bootstrap_external' has no attribute
'_w_long'
Product: Fedora
Version: 33
Hardware: x86_64
Status: NEW
Whiteboard: abrt_hash:c44fb866899d088156844cb8c4e9c964cd3a84bc;VARIANT_ID=kde;
Component: eclipse-pydev
Assignee: mat.booth(a)redhat.com
Reporter: dgunchev(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, mat.booth(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Just started eclipse.
Version-Release number of selected component:
eclipse-pydev:1-8.0.0-1.fc33
Additional info:
reporter: libreport-2.14.0
cgroup: 0::/user.slice/user-1000.slice/user@1000.service/app.slice/app-eclipse-a1bd11afe2c74d0e983356851c6ecc0b.scope
cmdline: /usr/bin/python3 -u /usr/lib/eclipse/droplets/pydev/plugins/org.python.pydev.core_8.0.0.v20201103-1759/pysrc/pycompletionserver.py 33431
crash_function: module
exception_type: AttributeError
executable: /usr/lib/eclipse/droplets/pydev/plugins/org.python.pydev.core_8.0.0.v20201103-1759/pysrc/pycompletionserver.py
interpreter: python3-3.9.0-1.fc33.x86_64
kernel: 5.8.18-300.fc33.x86_64
runlevel: N 5
type: Python3
uid: 1000
Truncated backtrace:
#1 [/usr/lib64/python3.7/importlib/__init__.py:51] <module>
#2 [/usr/lib64/python3.7/inspect.py:38] <module>
#3 [/usr/lib64/python3.7/xmlrpc/server.py:110] <module>
#4 [/usr/lib/eclipse/droplets/pydev/plugins/org.python.pydev.core_8.0.0.v20201103-1759/pysrc/_pydev_imps/_pydev_saved_modules.py:22] <module>
#5 [/usr/lib/eclipse/droplets/pydev/plugins/org.python.pydev.core_8.0.0.v20201103-1759/pysrc/_pydevd_bundle/pydevd_constants.py:357] <module>
#6 [/usr/lib/eclipse/droplets/pydev/plugins/org.python.pydev.core_8.0.0.v20201103-1759/pysrc/pycompletionserver.py:14] <module>
[Bug 1901132] New: Request to build eclipse-cdt for EPEL 8
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1901132
Bug ID: 1901132
Summary: Request to build eclipse-cdt for EPEL 8
Product: Fedora EPEL
Version: epel8
Status: NEW
Component: eclipse
Assignee: lef(a)fedoraproject.org
Reporter: kretschmer.jens(a)siemens.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Please build eclipse-cdt for EPEL 8
[Bug 1888339] New: Error unpacking rpm package eclipse-platform-1:4.16-13.fc33.x86_64
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1888339
Bug ID: 1888339
Summary: Error unpacking rpm package
eclipse-platform-1:4.16-13.fc33.x86_64
Product: Fedora
Version: 33
Status: NEW
Component: eclipse
Assignee: mat.booth(a)redhat.com
Reporter: mycroft8(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
One RPM file associated with Eclipse in Fedora 33 beta is not installable.
Error unpacking rpm package eclipse-platform-1:4.16-13.fc33.x86_64
And the verification step fails.
This is a continuation of the same issue since Fedora 32.
It does not help to completely remove and re-install Eclipse. The issue
remains. It does not help to specifically enable the "latest" Eclipse.
The only workaround I can find is to not use Fedora repos for Eclipse.
To reproduce, just try sudo dnf install eclipse-platform