java-sig-commits April 2020

java-sig-commits@lists.fedoraproject.org

1 participants
402 discussions

[Bug 1806398] CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
by bugzilla＠redhat.com 21 Apr '20

21 Apr '20

https://bugzilla.redhat.com/show_bug.cgi?id=1806398 --- Comment #125 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat JBoss Web Server 5.3 on RHEL 7 Red Hat JBoss Web Server 5.3 on RHEL 6 Red Hat JBoss Web Server 5.3 on RHEL 8 Via RHSA-2020:1520 https://access.redhat.com/errata/RHSA-2020:1520 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1806398] CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
by bugzilla＠redhat.com 21 Apr '20

21 Apr '20

https://bugzilla.redhat.com/show_bug.cgi?id=1806398 errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2020:1521 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1806398] CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
by bugzilla＠redhat.com 21 Apr '20

21 Apr '20

https://bugzilla.redhat.com/show_bug.cgi?id=1806398 --- Comment #124 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat JBoss Web Server Via RHSA-2020:1521 https://access.redhat.com/errata/RHSA-2020:1521 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1618573] CVE-2018-11771 apache-commons-compress: ZipArchiveInputStream.read() fails to identify correct EOF allowing for DoS via crafted zip
by bugzilla＠redhat.com 21 Apr '20

21 Apr '20

https://bugzilla.redhat.com/show_bug.cgi?id=1618573 Yadnyawalk Tale <ytale(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |btotty(a)redhat.com, | |hhudgeon(a)redhat.com, | |lzap(a)redhat.com, | |nmoumoul(a)redhat.com, | |sokeeffe(a)redhat.com, | |tbrisker(a)redhat.com --- Comment #14 from Yadnyawalk Tale <ytale(a)redhat.com> --- Satellite 6.0 was shipping lucene4-contrib which has commons-compress embedded. It is EOL on February 21, 2018. ~~~ [ytale@cordelia manifests]$ cat manifest-eol.txt | grep satellite | grep commons-compres manifest-eol.txt:14677:rhn_satellite:6.0/lucene4-contrib-4.6.1-1.el6sat.noarch.rpm/Commons Compress/1.4.1/commons-compress-1.4.1.jar ~~~ Ref - https://access.redhat.com/support/policy/updates/satellite/ -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1595639] CVE-2017-7656 jetty: HTTP request smuggling using the range header
by bugzilla＠redhat.com 16 Apr '20

16 Apr '20

https://bugzilla.redhat.com/show_bug.cgi?id=1595639 --- Comment #6 from Cedric Buissart 🐶 <cbuissar(a)redhat.com> --- Statement: This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1595621] CVE-2017-7658 jetty: Incorrect header handling
by bugzilla＠redhat.com 16 Apr '20

16 Apr '20

https://bugzilla.redhat.com/show_bug.cgi?id=1595621 --- Comment #6 from Cedric Buissart 🐶 <cbuissar(a)redhat.com> --- Statement: This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1595620] CVE-2017-7657 jetty: HTTP request smuggling
by bugzilla＠redhat.com 16 Apr '20

16 Apr '20

https://bugzilla.redhat.com/show_bug.cgi?id=1595620 --- Comment #7 from Cedric Buissart 🐶 <cbuissar(a)redhat.com> --- Statement: This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1784219] New: mvel-2.4.5.Final is available
by bugzilla＠redhat.com 16 Apr '20

16 Apr '20

https://bugzilla.redhat.com/show_bug.cgi?id=1784219 Bug ID: 1784219 Summary: mvel-2.4.5.Final is available Product: Fedora Version: rawhide Status: NEW Component: mvel Keywords: FutureFeature, Triaged Assignee: decathorpe(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: decathorpe(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Latest upstream release: 2.4.5.Final Current version/release in rawhide: 2.2.8-8.fc31 URL: https://github.com/mvel Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/9404/ -- You are receiving this mail because: You are on the CC list for the bug.

1 7

[Bug 1806398] CVE-2020-1938 tomcat: Apache Tomcat AJP File Read/Inclusion Vulnerability
by bugzilla＠redhat.com 16 Apr '20

16 Apr '20

https://bugzilla.redhat.com/show_bug.cgi?id=1806398 errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHBA-2020:1492 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1595621] CVE-2017-7658 jetty: Incorrect header handling
by bugzilla＠redhat.com 15 Apr '20

15 Apr '20

https://bugzilla.redhat.com/show_bug.cgi?id=1595621 Chess Hazlett <chazlett(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|medium |high Severity|medium |high -- You are receiving this mail because: You are on the CC list for the bug.

1 0

← Newer
1
...
32
33
34
35
36
37
38
...
41
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits April 2020