[Bug 1094143] New: Desktop centric polkit ejabberdctl policy file, prevents server use
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1094143
Bug ID: 1094143
Summary: Desktop centric polkit ejabberdctl policy file,
prevents server use
Product: Fedora
Version: 20
Component: ejabberd
Assignee: lemenkov(a)gmail.com
Reporter: stefw(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jkaluza(a)redhat.com,
lemenkov(a)gmail.com, martin(a)laptop.org
Blocks: 1094121
Description of problem:
The shipped polkit policy is completely desktop-centric and expects that the
admin user is logged in to a local session (i.e. a seat in logind parlance, with a
monitor and keyboard).
This prevents DBus API use when logged in via ssh (and using pkttyagent as your
polkit agent) or via Cockpit.
The <allow_any> tag in polkit policy applies to non-local sessions. It should
be set to something other than 'no' unless the action directly affects hardware
of the login seat.
Version-Release number of selected component (if applicable):
2.1.13-7.fc20
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1094121
[Bug 1094121] Tracker: Fix desktop centric polkit policy
--
You are receiving this mail because:
You are on the CC list for the bug.
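An added example, not part of the bug report or of the ejabberd package: a small Python check that reads a polkit policy and reports how each action's `<allow_any>` default treats the non-local sessions the report describes (ssh with pkttyagent, Cockpit). The policy text and action ids are constructed placeholders, and the status labels are this example's own naming.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy. The action ids are placeholders, not the
# contents of the policy file shipped in the ejabberd package.
SAMPLE_POLICY = """\
<policyconfig>
  <action id="org.example.pkexec.ejabberdctl-desktop">
    <defaults>
      <allow_any>no</allow_any>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
  <action id="org.example.pkexec.ejabberdctl-server">
    <defaults>
      <allow_any>auth_admin</allow_any>
      <allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
  <action id="org.example.pkexec.too-open">
    <defaults>
      <allow_any>yes</allow_any>
      <allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

# Values that let a client proceed after authenticating.
AUTH_VALUES = {"auth_self", "auth_self_keep", "auth_admin", "auth_admin_keep"}

def classify_allow_any(value):
    """Map an <allow_any> value to what it means for a non-local session."""
    if value is None:
        return "unset"                 # element missing from <defaults>
    value = value.strip()
    if value == "no":
        return "blocks-remote"         # the desktop-centric case in the report
    if value == "yes":
        return "no-auth-required"      # any session, no authentication at all
    if value in AUTH_VALUES:
        return "remote-with-auth"      # usable over ssh/Cockpit after auth
    return "invalid"

def audit_policy(xml_text):
    """Return {action id: status} for every <action> in a policy document."""
    root = ET.fromstring(xml_text)
    return {a.get("id"): classify_allow_any(a.findtext("defaults/allow_any"))
            for a in root.iter("action")}

if __name__ == "__main__":
    for action_id, status in audit_policy(SAMPLE_POLICY).items():
        print(f"{action_id}: allow_any -> {status}")
```

Actions reported as `blocks-remote` are the ones that fail for ssh and Cockpit administrators; `no-auth-required` is the opposite mistake and deserves review before shipping.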
[Bug 1166064] New: CVE-2012-6662 jquery-ui: XSS vulnerability in default content in Tooltip widget
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1166064
Bug ID: 1166064
Summary: CVE-2012-6662 jquery-ui: XSS vulnerability in default
content in Tooltip widget
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
jQuery UI 1.10.0 release fixes XSS issue [1] in jQuery Tooltip widget.
From [1]:
...
WIDGETS
Tooltip
Fixed: XSS vulnerability in default content. (#8861, f285440)
...
The issue was initially reported in [2], and then actually fixed in [3] by
commit [4].
[1]: http://jqueryui.com/changelog/1.10.0/
[2]: http://bugs.jqueryui.com/ticket/8859
[3]: http://bugs.jqueryui.com/ticket/8861
[4]: https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf867676190...
--
Note: the whiteboard lists quite a few packages which are known to have jQuery
embedded.
[Bug 1166041] New: CVE-2010-5312 jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1166041
Bug ID: 1166041
Summary: CVE-2010-5312 jquery-ui: XSS vulnerability in
jQuery.ui.dialog title option
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
jQuery UI 1.10.0 release fixes XSS issue [1] in jQuery.ui.dialog title option.
From [1]:
...
WIDGETS
Dialog
Fixed: Title XSS Vulnerability. (#6016, 7e9060c)
...
Upstream commit that fixes this:
https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17b...
More info can be found in the upstream bugtracker [2].
[1]: http://jqueryui.com/changelog/1.10.0/
[2]: http://bugs.jqueryui.com/ticket/6016
--
Note: the whiteboard lists quite a few packages which are known to have jQuery
embedded.
[Bug 1077547] New: Riak service won't start
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1077547
Bug ID: 1077547
Summary: Riak service won't start
Product: Fedora
Version: 20
Component: riak
Severity: high
Assignee: lemenkov(a)gmail.com
Reporter: j.mark.brooks(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com
Description of problem:
Version-Release number of selected component (if applicable):
How reproducible:
Steps to Reproduce:
1.
2.
3.
Actual results:
Expected results:
Additional info:
[Bug 1036780] New: rabbitmq-server wrapper script drops arguments
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1036780
Bug ID: 1036780
Summary: rabbitmq-server wrapper script drops arguments
Product: Fedora
Version: rawhide
Component: rabbitmq-server
Assignee: hubert.plociniczak(a)gmail.com
Reporter: rhbugs(a)rbu.sh
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, lemenkov(a)gmail.com
Description of problem:
The wrapper script /usr/sbin/rabbitmqctl drops all arguments to the command in
certain cases, for example when the calling user is not root.
I am running a rabbitmq node as a local user (for development) as a regular
user, outside of /var. This works fine, however the Fedora-specific wrapper to
"rabbitmqctl" will obscure access to the rabbitmqctl script. It took me quite a
while to debug what was happening, until I found out the command is really a
wrapper whose sole purpose is munging arguments -- and it does it wrong.
Version-Release number of selected component (if applicable):
I am on 3.1.5-1.fc19 but I see the same bug in rawhide.
How reproducible:
Always.
Steps to Reproduce:
1. Be non-root / non-rabbitmq user
2. Run rabbitmqctl status
Actual results:
Error: could not recognise command
Usage:
rabbitmqctl [-n <node>] [-q] <command> [<command options>]
...
Expected results:
Status of node rabbit@localhost ...
[{pid,1234},...
Additional info:
The warning "Only root or rabbitmq should run" should really be "Only root or
rabbitmq must run", as currently it makes it impossible for anyone else.
However, this is not true, as any user *can* run rabbitmq.
Furthermore, users in the rabbitmq group should be able to run management
commands, given the correct parameters.
Lastly, the "rabbitmq-plugins" case looks fishy too, as it allows anyone to run
the rabbitmq-plugins command, and makes the first line obsolete.
[Bug 1309684] New: Rebase rabbitmq-server to ver. 3.6.0
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1309684
Bug ID: 1309684
Summary: Rebase rabbitmq-server to ver. 3.6.0
Product: Red Hat OpenStack
Version: 9.0
Component: rabbitmq-server
Keywords: FutureFeature, Triaged
Assignee: plemenko(a)redhat.com
Reporter: plemenko(a)redhat.com
QA Contact: yeylon(a)redhat.com
CC: apevec(a)redhat.com, erlang(a)lists.fedoraproject.org,
extras-qa(a)fedoraproject.org,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
lemenkov(a)gmail.com, lhh(a)redhat.com, rjones(a)redhat.com,
s(a)shk.io,
upstream-release-monitoring(a)fedoraproject.org,
yeylon(a)redhat.com
Depends On: 1309683
+++ This bug was initially created as a clone of Bug #1309683 +++
Latest upstream release: 3.6.0
Current version/release in rawhide: 3.5.7-4.fc24
URL: http://www.rabbitmq.com/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
--- Additional comment from Upstream Release Monitoring on 2016-02-18 08:23:10
EST ---
Failed to kick off scratch build.
cmd: spectool -g /var/tmp/thn-C4bWoT/rabbitmq-server.spec
return code: 22
stdout:
Getting
http://www.rabbitmq.com/releases/rabbitmq-server/v3.6.0/rabbitmq-server-3...
to ./rabbitmq-server-3.6.0.tar.gz
stderr:
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 404 Not Found
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1309683
[Bug 1309683] rabbitmq-server-3.6.0 is available
[Bug 1292170] New: erlang-18.1 is available
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1292170
Bug ID: 1292170
Summary: erlang-18.1 is available
Product: Red Hat OpenStack
Version: 8.0
Component: erlang
Keywords: FutureFeature, Triaged
Assignee: plemenko(a)redhat.com
Reporter: plemenko(a)redhat.com
QA Contact: yeylon(a)redhat.com
CC: apevec(a)redhat.com, erlang(a)lists.fedoraproject.org,
extras-qa(a)fedoraproject.org, jeckersb(a)redhat.com,
lemenkov(a)gmail.com, lhh(a)redhat.com,
rhbugs(a)n-dimensional.de, ruben.caro.estevez(a)gmail.com,
s(a)shk.io,
upstream-release-monitoring(a)fedoraproject.org,
yeylon(a)redhat.com
Depends On: 1221824
+++ This bug was initially created as a clone of Bug #1221824 +++
We really want to upgrade Erlang stack up to 18.x version. Otherwise we won't
have an option to enable HiPE (among other goodies).
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1221824
[Bug 1221824] erlang-18.1 is available
[Bug 1264617] New: [abrt] erlang-erts: erl_exit_vv(): beam.smp killed by SIGABRT
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1264617
Bug ID: 1264617
Summary: [abrt] erlang-erts: erl_exit_vv(): beam.smp killed by
SIGABRT
Product: Fedora
Version: 22
Component: erlang
Assignee: lemenkov(a)gmail.com
Reporter: a.shubnikov(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jeckersb(a)redhat.com,
lemenkov(a)gmail.com, rhbugs(a)n-dimensional.de, s(a)shk.io
Version-Release number of selected component:
erlang-erts-17.4-4.fc22
Additional info:
reporter: libreport-2.6.2
backtrace_rating: 4
cmdline: /usr/lib64/erlang/erts-6.3/bin/beam.smp -- -root
/usr/lib64/erlang -progname erl -- -home /home/shuba -- -sname
17_77d04_shuba_7ab41@ingoa -setcookie erlide
crash_function: erl_exit_vv
executable: /usr/lib64/erlang/erts-6.3/bin/beam.smp
global_pid: 8879
kernel: 4.1.6-201.fc22.x86_64
runlevel: N 5
type: CCpp
uid: 1000
Truncated backtrace:
Thread no. 1 (6 frames)
#2 erl_exit_vv at beam/erl_init.c:2110
#3 erl_exit at beam/erl_init.c:2120
#4 halt_2 at beam/bif.c:3974
#5 process_main at beam/beam_emu.c:2779
#6 sched_thread_func at beam/erl_process.c:7743
#7 thr_wrapper at pthread/ethread.c:106