java-sig-commits April 2018

java-sig-commits@lists.fedoraproject.org

1 participants
426 discussions

[Bug 1570497] New: CVE-2018-10254 nasm: Stack-based buffer over-read in disasm/disasm.c:disasm() can allow attackers to cause a denial of service [fedora-all]
by bugzilla＠redhat.com 27 Nov '18

27 Nov '18

https://bugzilla.redhat.com/show_bug.cgi?id=1570497 Bug ID: 1570497 Summary: CVE-2018-10254 nasm: Stack-based buffer over-read in disasm/disasm.c:disasm() can allow attackers to cause a denial of service [fedora-all] Product: Fedora Version: 27 Component: nasm Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: mizdebsk(a)redhat.com Reporter: sfowler(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1508131] New: CVE-2016-5004 xmlrpc: XSS in Content-Encoding HTTP header of xmlrpc [fedora-all]
by bugzilla＠redhat.com 27 Nov '18

27 Nov '18

https://bugzilla.redhat.com/show_bug.cgi?id=1508131 Bug ID: 1508131 Summary: CVE-2016-5004 xmlrpc: XSS in Content-Encoding HTTP header of xmlrpc [fedora-all] Product: Fedora Version: 26 Component: xmlrpc Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: mizdebsk(a)redhat.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dbhole(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, puntogil(a)libero.it, sochotni(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 9

[Bug 1434343] New: CVE-2017-2651 jenkins-mailer-plugin: Emails were sent to addresses not associated with actual users of Jenkins by Mailer Plugin [fedora-all]
by bugzilla＠redhat.com 27 Nov '18

27 Nov '18

https://bugzilla.redhat.com/show_bug.cgi?id=1434343 Bug ID: 1434343 Summary: CVE-2017-2651 jenkins-mailer-plugin: Emails were sent to addresses not associated with actual users of Jenkins by Mailer Plugin [fedora-all] Product: Fedora Version: 25 Component: jenkins-mailer-plugin Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: msrb(a)redhat.com Reporter: amaris(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 7

[Bug 1517477] New: Jenkins dependency is missing on Fedora 27
by bugzilla＠redhat.com 27 Nov '18

27 Nov '18

https://bugzilla.redhat.com/show_bug.cgi?id=1517477 Bug ID: 1517477 Summary: Jenkins dependency is missing on Fedora 27 Product: Fedora Version: 27 Component: jenkins Assignee: msrb(a)redhat.com Reporter: psppsn96(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Created attachment 1359038 --> https://bugzilla.redhat.com/attachment.cgi?id=1359038&action=edit jenkins.log Description of problem: Upon an upgrade from Fedora 25 to 27 (using dnf-plugin-system-upgrade), Jenkins no longer returns anything on its web interface. Version-Release number of selected component (if applicable): jenkins-1.651.3-6.fc27.noarch Additional info: Lines of the log that grab my attention INFO: NO JSP Support for , did not find org.apache.jasper.servlet.JspServlet and Caused by: java.lang.NoSuchMethodError: org.dom4j.io.HTMLWriter.setEnabled(Z)V -- You are receiving this mail because: You are on the CC list for the bug.

1 16

[Bug 1539175] New: CVE-2018-1051 resteasy: Unsafe unmarshalling in YamlProvider allows code execution [fedora-all]
by bugzilla＠redhat.com 27 Nov '18

27 Nov '18

https://bugzilla.redhat.com/show_bug.cgi?id=1539175 Bug ID: 1539175 Summary: CVE-2018-1051 resteasy: Unsafe unmarshalling in YamlProvider allows code execution [fedora-all] Product: Fedora Version: 27 Component: resteasy Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: alee(a)redhat.com Reporter: kseifried(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, dchen(a)redhat.com, edewata(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mgoldman(a)redhat.com, puntogil(a)libero.it, weli(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1564409] New: CVE-2018-1270 CVE-2018-1272 springframework: various flaws [fedora-all]
by bugzilla＠redhat.com 27 Nov '18

27 Nov '18

https://bugzilla.redhat.com/show_bug.cgi?id=1564409 Bug ID: 1564409 Summary: CVE-2018-1270 CVE-2018-1272 springframework: various flaws [fedora-all] Product: Fedora Version: 27 Component: springframework Keywords: Security, SecurityTracking Severity: urgent Priority: urgent Assignee: puntogil(a)libero.it Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dchen(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, lef(a)fedoraproject.org, puntogil(a)libero.it This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1563661] New: google-guice-4.2.0 is available
by bugzilla＠redhat.com 27 Nov '18

27 Nov '18

https://bugzilla.redhat.com/show_bug.cgi?id=1563661 Bug ID: 1563661 Summary: google-guice-4.2.0 is available Product: Fedora Version: rawhide Component: google-guice Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com, sochotni(a)redhat.com Latest upstream release: 4.2.0 Current version/release in rawhide: 4.1-10.fc28 URL: http://repo2.maven.org/maven2/org/sonatype/sisu/sisu-guice/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/1231/ -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1476630] New: maven-enforcer-3.0.0-M1 is available
by bugzilla＠redhat.com 27 Nov '18

27 Nov '18

https://bugzilla.redhat.com/show_bug.cgi?id=1476630 Bug ID: 1476630 Summary: maven-enforcer-3.0.0-M1 is available Product: Fedora Version: rawhide Component: maven-enforcer Keywords: FutureFeature, Triaged Assignee: msimacek(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 3.0.0-M1 Current version/release in rawhide: 1.4.1-5.fc26 URL: http://repo1.maven.org/maven2/org/apache/maven/enforcer/enforcer/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/1909/ -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1417565] New: maven-invoker-3.0.0 is available
by Red Hat Bugzilla 27 Nov '18

27 Nov '18

https://bugzilla.redhat.com/show_bug.cgi?id=1417565 Bug ID: 1417565 Summary: maven-invoker-3.0.0 is available Product: Fedora Version: rawhide Component: maven-invoker Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Latest upstream release: 3.0.0 Current version/release in rawhide: 2.2-4.fc25 URL: http://maven.apache.org/shared/maven-invoker/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/12952/ -- You are receiving this mail because: You are on the CC list for the bug.

2 8

[Bug 1509193] New: CVE-2017-12625 hive: Information disclosure vulnerability for column masking [fedora-all]
by bugzilla＠redhat.com 26 Nov '18

26 Nov '18

https://bugzilla.redhat.com/show_bug.cgi?id=1509193 Bug ID: 1509193 Summary: CVE-2017-12625 hive: Information disclosure vulnerability for column masking [fedora-all] Product: Fedora Version: 26 Component: hive Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: pmackinn(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, me(a)coolsvap.net, moceap(a)hotmail.com, pmackinn(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 6

← Newer
1
...
5
6
7
8
9
10
11
...
43
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits April 2018