https://bugzilla.redhat.com/show_bug.cgi?id=1296926
Bug ID: 1296926
Summary: Unable to build after rebase to PostgreSQL 9.5
Product: Fedora
Version: rawhide
Component: ambari
Assignee: pmackinn(a)redhat.com
Reporter: pkajaba(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
me(a)coolsvap.net, moceap(a)hotmail.com,
pmackinn(a)redhat.com
Description of problem:
Unable to build after rebase to PostgreSQL 9.5
here is koji url:
http://koji.fedoraproject.org/koji/taskinfo?taskID=12465992
After short look to log, it does not seem to be related to PostgreSQL
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=2keP2DmEbS&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1289690
Bug ID: 1289690
Summary: hawtjni-1.11 is available
Product: Fedora
Version: rawhide
Component: hawtjni
Assignee: mgoldman(a)redhat.com
Reporter: puntogil(a)libero.it
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mgoldman(a)redhat.com, mizdebsk(a)redhat.com
Latest upstream release: 1.1
Current version/release in rawhide: 1.10-5.fc23
URL: https://github.com/fusesource/hawtjni/tags
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=3ccpUhFqRw&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1294230
Bug ID: 1294230
Summary: Please provide support for EPEL7
Product: Fedora
Version: rawhide
Component: powermock
Severity: medium
Assignee: rkennke(a)redhat.com
Reporter: projects.rg(a)smart.ms
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, msimacek(a)redhat.com,
neugens(a)redhat.com, projects.rg(a)smart.ms,
rkennke(a)redhat.com
Description of problem:
There are packages for EPEL6 and 5. Please apply it also for EPEL7.
Version-Release number of selected component (if applicable):
-
How reproducible:
yes
Steps to Reproduce:
1. run an EPEL7 system
2. dnf install powermock
3.
Actual results:
no package found.
Expected results:
powermock gets installed with success.
Additional info:
DEBUG util.py:393: Getting requirements for powermock-1.6.2-2.el7.src
DEBUG util.py:393: --> maven-local-3.4.1-11.el7.noarch
DEBUG util.py:393: --> apache-commons-logging-1.1.2-7.el7.noarch
DEBUG util.py:393: --> tomcat-servlet-3.0-api-7.0.54-2.el7_1.noarch
DEBUG util.py:393: --> junit-4.11-8.el7.noarch
DEBUG util.py:393: --> cglib-2.2-18.el7.noarch
DEBUG util.py:393: --> maven-plugin-bundle-2.3.7-12.el7.noarch
DEBUG util.py:393: --> javassist-3.16.1-10.el7.noarch
DEBUG util.py:393: --> mockito-1.9.0-19.el7.noarch
DEBUG util.py:393: --> mockito-1.9.0-19.el7.noarch
DEBUG util.py:393: --> objenesis-1.2-18.el7.noarch
DEBUG util.py:393: --> sonatype-oss-parent-7-6.el7.noarch
DEBUG util.py:393: Error: No Package found for mvn(cglib:cglib-nodep)
DEBUG util.py:393: Error: No Package found for mvn(org.easymock:easymock)
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=GemvJMgqTe&a=cc_unsubscribe
https://bugzilla.redhat.com/show_bug.cgi?id=1311085
Bug ID: 1311085
Summary: CVE-2015-5346 Apache Tomcat Session fixation
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: twalsh(a)redhat.com
CC: aileenc(a)redhat.com, alazarot(a)redhat.com,
alee(a)redhat.com, asantos(a)redhat.com,
bbaranow(a)redhat.com, bdawidow(a)redhat.com,
bmaxwell(a)redhat.com, brms-jira(a)redhat.com,
ccoleman(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, csutherl(a)redhat.com,
dandread(a)redhat.com, darran.lofthouse(a)redhat.com,
dknox(a)redhat.com, dmcphers(a)redhat.com,
epp-bugs(a)redhat.com, etirelli(a)redhat.com,
fnasser(a)redhat.com, gvarsami(a)redhat.com,
hfnukal(a)redhat.com, huwang(a)redhat.com,
ivan.afonichev(a)gmail.com, jason.greene(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jboss-set(a)redhat.com,
jbpapp-maint(a)redhat.com, jclere(a)redhat.com,
jcoleman(a)redhat.com, jdg-bugs(a)redhat.com,
jdoyle(a)redhat.com, jialiu(a)redhat.com,
joelsmith(a)redhat.com, jokerman(a)redhat.com,
jpallich(a)redhat.com, jshepherd(a)redhat.com,
kconner(a)redhat.com, krzysztof.daniel(a)gmail.com,
kseifried(a)redhat.com, ldimaggi(a)redhat.com,
lgao(a)redhat.com, lmeyer(a)redhat.com,
lpetrovi(a)redhat.com, mbabacek(a)redhat.com,
mbaluch(a)redhat.com, me(a)coolsvap.net,
miburman(a)redhat.com, mmccomas(a)redhat.com,
mweiler(a)redhat.com, mwinkler(a)redhat.com,
myarboro(a)redhat.com, nwallace(a)redhat.com,
pavelp(a)redhat.com, pcheung(a)redhat.com,
pgier(a)redhat.com, psakar(a)redhat.com,
pslavice(a)redhat.com, rnetuka(a)redhat.com,
rrajasek(a)redhat.com, rsvoboda(a)redhat.com,
rwagner(a)redhat.com, rzhang(a)redhat.com,
soa-p-jira(a)post-office.corp.redhat.com,
spinder(a)redhat.com, tcunning(a)redhat.com,
theute(a)redhat.com, tkirby(a)redhat.com,
ttarrant(a)redhat.com, twalsh(a)redhat.com,
vtunka(a)redhat.com, weli(a)redhat.com
When recycling the Request object to use for a new request, the
requestedSessionSSL field was not recycled. This meant that a session ID
provided in the next request to be processed using the recycled Request object
could be used when it should not have been. This gave the client the ability to
control the session ID. In theory, this could have been used as part of a
session fixation attack but it would have been hard to achieve as the attacker
would not have been able to force the victim to use the 'correct' Request
object. It was also necessary for at least one web application to be configured
to use the SSL session ID as the HTTP session ID. This is not a common
configuration.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1311093
Bug ID: 1311093
Summary: CVE-2016-0763 tomcat: security manager bypass via
setGlobalContext()
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: aileenc(a)redhat.com, alazarot(a)redhat.com,
alee(a)redhat.com, asantos(a)redhat.com,
bbaranow(a)redhat.com, bdawidow(a)redhat.com,
bmaxwell(a)redhat.com, brms-jira(a)redhat.com,
ccoleman(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, csutherl(a)redhat.com,
dandread(a)redhat.com, darran.lofthouse(a)redhat.com,
dknox(a)redhat.com, dmcphers(a)redhat.com,
epp-bugs(a)redhat.com, etirelli(a)redhat.com,
fnasser(a)redhat.com, gvarsami(a)redhat.com,
hfnukal(a)redhat.com, huwang(a)redhat.com,
ivan.afonichev(a)gmail.com, jason.greene(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jboss-set(a)redhat.com,
jclere(a)redhat.com, jcoleman(a)redhat.com,
jdg-bugs(a)redhat.com, jdoyle(a)redhat.com,
jialiu(a)redhat.com, joelsmith(a)redhat.com,
jokerman(a)redhat.com, jpallich(a)redhat.com,
jshepherd(a)redhat.com, kconner(a)redhat.com,
krzysztof.daniel(a)gmail.com, kseifried(a)redhat.com,
ldimaggi(a)redhat.com, lgao(a)redhat.com,
lmeyer(a)redhat.com, lpetrovi(a)redhat.com,
mbabacek(a)redhat.com, mbaluch(a)redhat.com,
me(a)coolsvap.net, miburman(a)redhat.com,
mmccomas(a)redhat.com, mweiler(a)redhat.com,
mwinkler(a)redhat.com, myarboro(a)redhat.com,
nwallace(a)redhat.com, pavelp(a)redhat.com,
pcheung(a)redhat.com, pgier(a)redhat.com,
psakar(a)redhat.com, pslavice(a)redhat.com,
rnetuka(a)redhat.com, rrajasek(a)redhat.com,
rsvoboda(a)redhat.com, rwagner(a)redhat.com,
rzhang(a)redhat.com,
soa-p-jira(a)post-office.corp.redhat.com,
spinder(a)redhat.com, tcunning(a)redhat.com,
theute(a)redhat.com, tkirby(a)redhat.com,
ttarrant(a)redhat.com, twalsh(a)redhat.com,
vtunka(a)redhat.com, weli(a)redhat.com
ResourceLinkFactory.setGlobalContext() is a public method and was
accessible by web applications running under a security manager
without any checks. This allowed a malicious web application to inject
a malicious global context that could in turn be used to disrupt other
web applications and/or read and write data owned by other web
applications.
External references:
http://seclists.org/bugtraq/2016/Feb/147
--
You are receiving this mail because:
You are on the CC list for the bug.