https://bugzilla.redhat.com/show_bug.cgi?id=1244745
Bug ID: 1244745
Summary: tsung-1.6.0 is available
Product: Fedora
Version: rawhide
Component: tsung
Keywords: FutureFeature, Triaged
Assignee: i(a)cicku.me
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, i(a)cicku.me,
lemenkov(a)gmail.com
Latest upstream release: 1.6.0
Current version/release in rawhide: 1.5.1-6.fc23
URL: http://tsung.erlang-projects.org/dist/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1135810
Bug ID: 1135810
Summary: erlang-riak_sysmon-2.0.0 is available
Product: Fedora
Version: rawhide
Component: erlang-riak_sysmon
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: 2.0.0
Current version/release in Fedora Rawhide: 1.1.3-5.fc22
URL: https://api.github.com/repos/basho/riak_sysmon/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring Soon this service
will be implemented by a new system: https://github.com/fedora-infra/anitya/
It will require to manage monitored projects via a new web interface. Please
make yourself familiar with the new system to ease the transition.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1188024
Bug ID: 1188024
Summary: erlang-lfe-0.9.1 is available
Product: Fedora
Version: rawhide
Component: erlang-lfe
Keywords: FutureFeature, Triaged
Assignee: lemenkov(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Latest upstream release: 0.9.1
Current version/release in Fedora Rawhide: 0.9.0-2.fc22
URL: https://github.com/rvirding/lfe/tags
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring Soon this service
will be implemented by a new system: https://release-monitoring.org/
It will require to manage monitored projects via a new web interface. Please
make yourself familiar with the new system to ease the transition.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1236481
Bug ID: 1236481
Summary: package does not include command
Product: Fedora
Version: 21
Component: erlang-lfe
Severity: high
Assignee: lemenkov(a)gmail.com
Reporter: piervit(a)pvittet.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Description of problem:
According to the lfe doc (https://github.com/lfe/lfe/blob/develop/README.md)
post the installation of lfe, there should be an "lfe" command available.
Using the yum install version, I don't get an executable file:
$ repoquery -l erlang-lfe
/usr/lib64/erlang/lib/lfe-0.9.0
/usr/lib64/erlang/lib/lfe-0.9.0/ebin
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe.app
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_bits.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_codegen.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_comp.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_env.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_eval.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_gen.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_init.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_io.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_io_format.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_io_pretty.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_lib.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_lint.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_macro.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_macro_include.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_macro_record.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_ms.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_parse.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_pmod.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_qlc.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_scan.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_shell.beam
/usr/lib64/erlang/lib/lfe-0.9.0/ebin/lfe_trans.beam
/usr/share/doc/erlang-lfe
/usr/share/doc/erlang-lfe/LICENSE
/usr/share/doc/erlang-lfe/README.md
/usr/share/doc/erlang-lfe/doc
/usr/share/doc/erlang-lfe/doc/lfe_bits.txt
/usr/share/doc/erlang-lfe/doc/lfe_comp.txt
/usr/share/doc/erlang-lfe/doc/lfe_gen.txt
/usr/share/doc/erlang-lfe/doc/lfe_io.txt
/usr/share/doc/erlang-lfe/doc/lfe_lib.txt
/usr/share/doc/erlang-lfe/doc/lfe_macro.txt
/usr/share/doc/erlang-lfe/doc/lfe_shell.txt
/usr/share/doc/erlang-lfe/doc/lfescript.txt
/usr/share/doc/erlang-lfe/doc/user_guide.txt
/usr/share/doc/erlang-lfe/doc/version_history.md
/usr/share/doc/erlang-lfe/examples
/usr/share/doc/erlang-lfe/examples/church.lfe
/usr/share/doc/erlang-lfe/examples/core-macros.lfe
/usr/share/doc/erlang-lfe/examples/ets_demo.lfe
/usr/share/doc/erlang-lfe/examples/fizzbuzz.lfe
/usr/share/doc/erlang-lfe/examples/gps1.lfe
/usr/share/doc/erlang-lfe/examples/guessing-game.lfe
/usr/share/doc/erlang-lfe/examples/http-async.lfe
/usr/share/doc/erlang-lfe/examples/http-sync.lfe
/usr/share/doc/erlang-lfe/examples/internal-state.lfe
/usr/share/doc/erlang-lfe/examples/joes-fav.lfe
/usr/share/doc/erlang-lfe/examples/lfe_eval.lfe
/usr/share/doc/erlang-lfe/examples/messenger-back.lfe
/usr/share/doc/erlang-lfe/examples/messenger.lfe
/usr/share/doc/erlang-lfe/examples/mnesia_demo.lfe
/usr/share/doc/erlang-lfe/examples/object-via-closure.lfe
/usr/share/doc/erlang-lfe/examples/object-via-process.lfe
/usr/share/doc/erlang-lfe/examples/ping_pong.lfe
/usr/share/doc/erlang-lfe/examples/ring.lfe
/usr/share/doc/erlang-lfe/examples/sample-lfe-shellscript
/usr/share/doc/erlang-lfe/examples/sample-lfescript
/usr/share/doc/erlang-lfe/examples/simple-erl-exercises.lfe
Version-Release number of selected component (if applicable): 0.9.0
How reproducible:
Steps to Reproduce:
1. yum install erlang-lfe
2. try to execute it (or repoquery -l erlang-lfe)
Actual results:
You will not find an lfe command.
Expected results:
You would like an lfe command.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1185515
Bug ID: 1185515
Summary: RabbitMQ: /api/definitions rsponse splitting
vulnerability
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: kseifried(a)redhat.com
CC: abaron(a)redhat.com, aortega(a)redhat.com,
apevec(a)redhat.com, ayoung(a)redhat.com,
chrisw(a)redhat.com, dallan(a)redhat.com,
erlang(a)lists.fedoraproject.org, gkotton(a)redhat.com,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
josh(a)fornwall.com, lemenkov(a)gmail.com, lhh(a)redhat.com,
lpeer(a)redhat.com, markmc(a)redhat.com,
pmyers(a)redhat.com, rbryant(a)redhat.com,
rjones(a)redhat.com, s(a)shk.io, sclewis(a)redhat.com,
yeylon(a)redhat.com
26433 fix response-splitting vulnerability in /api/downloads (since 2.1.0)
Bug 26433 allowed an attacker to specify a URL to /api/definitions which
would cause an arbitrary additional header to be returned. This was
fixed by stripping out CR/LF from the "download" query string parameter.
Upstream patches:
http://hg.rabbitmq.com/rabbitmq-management/rev/dceba16cc105
References:
https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1185514
Bug ID: 1185514
Summary: RabbitMQ: /api/... XSS vulnerability
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: kseifried(a)redhat.com
CC: abaron(a)redhat.com, aortega(a)redhat.com,
apevec(a)redhat.com, ayoung(a)redhat.com,
chrisw(a)redhat.com, dallan(a)redhat.com,
erlang(a)lists.fedoraproject.org, gkotton(a)redhat.com,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
josh(a)fornwall.com, lemenkov(a)gmail.com, lhh(a)redhat.com,
lpeer(a)redhat.com, markmc(a)redhat.com,
pmyers(a)redhat.com, rbryant(a)redhat.com,
rjones(a)redhat.com, s(a)shk.io, sclewis(a)redhat.com,
yeylon(a)redhat.com
26437 prevent /api/* from returning text/html error messages which could act as
an XSS vector (since 2.1.0)
Bug 26437 allowed an attacker to create a URL to "/api/..." which would
provoke an internal server error, resulting in the server returning an
html page with text from the URL embedded and not escaped. This was
fixed by ensuring all URLs below /api/ only ever return responses with a
content type of application/json, even in the case of an internal server
error.
Upstream patches:
http://hg.rabbitmq.com/rabbitmq-web-dispatch/rev/caf3d0a80cf3
References:
https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
--
You are receiving this mail because:
You are on the CC list for the bug.