https://bugzilla.redhat.com/show_bug.cgi?id=2057622
Bug ID: 2057622
Summary: Please provide jakarta-servlet for EPEL-8
Product: Fedora EPEL
Version: epel8
Status: NEW
Component: jctools
Assignee: paul.wouters(a)aiven.io
Reporter: fedoraproject.org(a)bluhm-de.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
paul.wouters(a)aiven.io, puntogil(a)libero.it,
roman(a)fenkhuber.at
Target Milestone: ---
Classification: Fedora
Can you please provide jakarta-servlet for EPEL-8?
If you like, I can take this on. Just add me as contributor (FAS: sbluhm)
EPEL-8 already builds with rawhide code:
https://koji.fedoraproject.org/koji/taskinfo?taskID=83235125
Thank you.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2030932
José Enrique <josgutie(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Flags|needinfo?(josgutie(a)redhat.c |
|om) |
--- Comment #124 from José Enrique <josgutie(a)redhat.com> ---
Hi team,
We have a customer asking if it is possible to remove the log4j dependencies,
as comment #122 suggested.
They have updated to the last 4.4.10 version and removed log4j package, but they
want to remove all eap7-logj packages.
https://bugzilla.redhat.com/show_bug.cgi?id=2056563
Bug ID: 2056563
Summary: Please provide apache-commons-fileupload for EPEL-9
Product: Fedora EPEL
Version: epel9
Status: NEW
Component: apache-commons-fileupload
Assignee: jjelen(a)redhat.com
Reporter: fedoraproject.org(a)bluhm-de.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjelen(a)redhat.com,
mizdebsk(a)redhat.com, SpikeFedora(a)gmail.com
Target Milestone: ---
Classification: Fedora
Can you please provide apache-commons-fileupload for EPEL-9?
Thank you very much!
https://bugzilla.redhat.com/show_bug.cgi?id=1997801
Bug ID: 1997801
Summary: CVE-2021-39154 xstream: vulnerable to an arbitrary
code execution attack
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: abenaiss(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, ataylor(a)redhat.com,
bibryam(a)redhat.com, bmontgom(a)redhat.com,
chazlett(a)redhat.com, drieden(a)redhat.com,
eparis(a)redhat.com, etirelli(a)redhat.com,
extras-orphan(a)fedoraproject.org,
fedoraproject.org(a)bluhm-de.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gvarsami(a)redhat.com,
hbraun(a)redhat.com, ibek(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jnethert(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jolee(a)redhat.com,
jrokos(a)redhat.com, jross(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
ldimaggi(a)redhat.com, lkundrak(a)v3.sk,
mizdebsk(a)redhat.com, mnovotny(a)redhat.com,
nstielau(a)redhat.com, nwallace(a)redhat.com,
pantinor(a)redhat.com, pbhattac(a)redhat.com,
pdelbell(a)redhat.com, pjindal(a)redhat.com,
rrajasek(a)redhat.com, rwagner(a)redhat.com,
sponnaga(a)redhat.com, tcunning(a)redhat.com,
tkirby(a)redhat.com, tzimanyi(a)redhat.com
Target Milestone: ---
Classification: Other
XStream is a simple library to serialize objects to XML and back again. In
affected versions this vulnerability may allow a remote attacker to load and
execute arbitrary code from a remote host only by manipulating the processed
input stream. No user who followed the recommendation to set up XStream's
security framework with a whitelist limited to the minimal required types is
affected. XStream 1.4.18 no longer uses a blacklist by default, since it cannot
be secured for general purpose.
References:
https://github.com/x-stream/xstream/security/advisories/GHSA-6w62-hx7r-mw68
https://x-stream.github.io/CVE-2021-39154.html
https://bugzilla.redhat.com/show_bug.cgi?id=1997793
Bug ID: 1997793
Summary: CVE-2021-39152 xstream: SSRF can be activated
unmarshalling with XStream to access data streams from
an arbitrary URL referencing a resource in an intranet
or the local host
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: abenaiss(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, ataylor(a)redhat.com,
bibryam(a)redhat.com, bmontgom(a)redhat.com,
chazlett(a)redhat.com, drieden(a)redhat.com,
eparis(a)redhat.com, etirelli(a)redhat.com,
extras-orphan(a)fedoraproject.org,
fedoraproject.org(a)bluhm-de.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gvarsami(a)redhat.com,
hbraun(a)redhat.com, ibek(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jnethert(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jolee(a)redhat.com,
jrokos(a)redhat.com, jross(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
ldimaggi(a)redhat.com, lkundrak(a)v3.sk,
mizdebsk(a)redhat.com, mnovotny(a)redhat.com,
nstielau(a)redhat.com, nwallace(a)redhat.com,
pantinor(a)redhat.com, pbhattac(a)redhat.com,
pdelbell(a)redhat.com, pjindal(a)redhat.com,
rrajasek(a)redhat.com, rwagner(a)redhat.com,
sponnaga(a)redhat.com, tcunning(a)redhat.com,
tkirby(a)redhat.com, tzimanyi(a)redhat.com
Target Milestone: ---
Classification: Other
XStream is a simple library to serialize objects to XML and back again. In
affected versions this vulnerability may allow a remote attacker to request
data from internal resources that are not publicly available only by
manipulating the processed input stream with a Java runtime version 14 to 8. No
user who followed the recommendation to set up XStream's security framework
with a whitelist limited to the minimal required types is affected. If you rely
on XStream's default blacklist of the [Security
Framework](https://x-stream.github.io/security.html#framework), you will have
to use at least version 1.4.18.
References:
https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2
https://x-stream.github.io/CVE-2021-39152.html
https://bugzilla.redhat.com/show_bug.cgi?id=1997795
Bug ID: 1997795
Summary: CVE-2021-39153 xstream: vulnerable to an arbitrary
code execution attack
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: abenaiss(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, ataylor(a)redhat.com,
bibryam(a)redhat.com, bmontgom(a)redhat.com,
chazlett(a)redhat.com, drieden(a)redhat.com,
eparis(a)redhat.com, etirelli(a)redhat.com,
extras-orphan(a)fedoraproject.org,
fedoraproject.org(a)bluhm-de.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gvarsami(a)redhat.com,
hbraun(a)redhat.com, ibek(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jnethert(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jolee(a)redhat.com,
jrokos(a)redhat.com, jross(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
ldimaggi(a)redhat.com, lkundrak(a)v3.sk,
mizdebsk(a)redhat.com, mnovotny(a)redhat.com,
nstielau(a)redhat.com, nwallace(a)redhat.com,
pantinor(a)redhat.com, pbhattac(a)redhat.com,
pdelbell(a)redhat.com, pjindal(a)redhat.com,
rrajasek(a)redhat.com, rwagner(a)redhat.com,
sponnaga(a)redhat.com, tcunning(a)redhat.com,
tkirby(a)redhat.com, tzimanyi(a)redhat.com
Target Milestone: ---
Classification: Other
XStream is a simple library to serialize objects to XML and back again. In
affected versions this vulnerability may allow a remote attacker to load and
execute arbitrary code from a remote host only by manipulating the processed
input stream, if using the version out of the box with Java runtime version 14
to 8 or with JavaFX installed. No user who followed the recommendation to set
up XStream's security framework with a whitelist limited to the minimal
required types is affected. XStream 1.4.18 no longer uses a blacklist by
default, since it cannot be secured for general purpose.
References:
https://github.com/x-stream/xstream/security/advisories/GHSA-2q8x-2p7f-574v
https://x-stream.github.io/CVE-2021-39153.html