java-sig-commits February 2022

java-sig-commits@lists.fedoraproject.org

1 participants
218 discussions

[Bug 2047344] New: CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors [fedora-all]
by bugzilla＠redhat.com 12 Feb '22

12 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=2047344 Bug ID: 2047344 Summary: CVE-2022-21363 mysql-connector-java: Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors [fedora-all] Product: Fedora Version: 35 Status: NEW Component: mysql-connector-java Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: zmiklank(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: hhorak(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jjanco(a)redhat.com, ljavorsk(a)redhat.com, mkulik(a)redhat.com, mschorm(a)redhat.com, odubaj(a)redhat.com, puntogil(a)libero.it, steve.traylen(a)cern.ch, xjakub(a)fi.muni.cz, zmiklank(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2047344

1 6

[Bug 2020584] New: CVE-2021-2471 mysql-connector-java: unauthorized access to critical [fedora-all]
by bugzilla＠redhat.com 12 Feb '22

12 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=2020584 Bug ID: 2020584 Summary: CVE-2021-2471 mysql-connector-java: unauthorized access to critical [fedora-all] Product: Fedora Version: 35 Status: NEW Component: mysql-connector-java Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: zmiklank(a)redhat.com Reporter: mrehak(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: hhorak(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jjanco(a)redhat.com, ljavorsk(a)redhat.com, mkulik(a)redhat.com, mschorm(a)redhat.com, odubaj(a)redhat.com, puntogil(a)libero.it, steve.traylen(a)cern.ch, xjakub(a)fi.muni.cz, zmiklank(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2020584

1 8

[Bug 2048135] New: xstream-1.4.19 is available
by bugzilla＠redhat.com 12 Feb '22

12 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=2048135 Bug ID: 2048135 Summary: xstream-1.4.19 is available Product: Fedora Version: rawhide Status: NEW Component: xstream Keywords: FutureFeature, Triaged Assignee: didiksupriadi41(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: didiksupriadi41(a)gmail.com, fedoraproject.org(a)bluhm-de.com, java-sig-commits(a)lists.fedoraproject.org, lkundrak(a)v3.sk, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 1.4.19 Current version/release in rawhide: 1.4.18-3.fc36 URL: http://x-stream.github.io/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/5270/ -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2048135

1 8

[Bug 1831139] New: CVE-2020-9488 log4j: improper validation of certificate with host mismatch SMTP appender
by bugzilla＠redhat.com 11 Feb '22

11 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=1831139 Bug ID: 1831139 Summary: CVE-2020-9488 log4j: improper validation of certificate with host mismatch SMTP appender Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: aboyko(a)redhat.com, aileenc(a)redhat.com, akoufoud(a)redhat.com, alazarot(a)redhat.com, almorale(a)redhat.com, anstephe(a)redhat.com, asoldano(a)redhat.com, atangrin(a)redhat.com, ataylor(a)redhat.com, avibelli(a)redhat.com, bbaranow(a)redhat.com, bbuckingham(a)redhat.com, bcourt(a)redhat.com, bdettelb(a)redhat.com, bgeorges(a)redhat.com, bkearney(a)redhat.com, bmaxwell(a)redhat.com, bmontgom(a)redhat.com, brian.stansberry(a)redhat.com, btotty(a)redhat.com, cbyrne(a)redhat.com, cdewolf(a)redhat.com, chazlett(a)redhat.com, cmacedo(a)redhat.com, csutherl(a)redhat.com, darran.lofthouse(a)redhat.com, dbhole(a)redhat.com, decathorpe(a)gmail.com, devrim(a)gunduz.org, dffrench(a)redhat.com, dkreling(a)redhat.com, dosoudil(a)redhat.com, drieden(a)redhat.com, drusso(a)redhat.com, dwalluck(a)redhat.com, eparis(a)redhat.com, etirelli(a)redhat.com, ganandan(a)redhat.com, ggaughan(a)redhat.com, gmalinko(a)redhat.com, gvarsami(a)redhat.com, gzaronik(a)redhat.com, hhorak(a)redhat.com, hhudgeon(a)redhat.com, ibek(a)redhat.com, iweiss(a)redhat.com, janstey(a)redhat.com, java-maint(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jawilson(a)redhat.com, jbalunas(a)redhat.com, jburrell(a)redhat.com, jclere(a)redhat.com, jcoleman(a)redhat.com, jmadigan(a)redhat.com, jochrist(a)redhat.com, jokerman(a)redhat.com, jorton(a)redhat.com, jpallich(a)redhat.com, jperkins(a)redhat.com, jschorr(a)redhat.com, jshepherd(a)redhat.com, jstastny(a)redhat.com, jwon(a)redhat.com, kconner(a)redhat.com, krathod(a)redhat.com, kverlaen(a)redhat.com, kwills(a)redhat.com, ldimaggi(a)redhat.com, lef(a)fedoraproject.org, lgao(a)redhat.com, loleary(a)redhat.com, lthon(a)redhat.com, lzap(a)redhat.com, mbabacek(a)redhat.com, mizdebsk(a)redhat.com, mmccune(a)redhat.com, mnovotny(a)redhat.com, msochure(a)redhat.com, msvehla(a)redhat.com, mszynkie(a)redhat.com, myarboro(a)redhat.com, ngough(a)redhat.com, nmoumoul(a)redhat.com, nstielau(a)redhat.com, nwallace(a)redhat.com, paradhya(a)redhat.com, pdrozd(a)redhat.com, pgallagh(a)redhat.com, pjindal(a)redhat.com, pmackay(a)redhat.com, psotirop(a)redhat.com, puntogil(a)libero.it, pwright(a)redhat.com, rchan(a)redhat.com, rguimara(a)redhat.com, rjerrido(a)redhat.com, rrajasek(a)redhat.com, rruss(a)redhat.com, rstancel(a)redhat.com, rsvoboda(a)redhat.com, rsynek(a)redhat.com, rwagner(a)redhat.com, sdaley(a)redhat.com, smaestri(a)redhat.com, sochotni(a)redhat.com, sokeeffe(a)redhat.com, spinder(a)redhat.com, sponnaga(a)redhat.com, stewardship-sig(a)lists.fedoraproject.org, sthorger(a)redhat.com, tbrisker(a)redhat.com, tcunning(a)redhat.com, theute(a)redhat.com, tkirby(a)redhat.com, tlestach(a)redhat.com, tomckay(a)redhat.com, tom.jenkinson(a)redhat.com, trepel(a)redhat.com, weli(a)redhat.com Target Milestone: --- Classification: Other Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Reference: https://issues.apache.org/jira/browse/LOG4J2-2819 -- You are receiving this mail because: You are on the CC list for the bug.

1 37

[Bug 2052726] New: maven-reporting-impl-3.1.0 is available
by bugzilla＠redhat.com 10 Feb '22

10 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=2052726 Bug ID: 2052726 Summary: maven-reporting-impl-3.1.0 is available Product: Fedora Version: rawhide Status: NEW Component: maven-reporting-impl Keywords: FutureFeature, Triaged Assignee: loganjerry(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, loganjerry(a)gmail.com, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 3.1.0 Current version/release in rawhide: 3.0.0-14.fc36 URL: http://maven.apache.org/shared/maven-reporting-impl/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/1932/ -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2052726

1 1

[Bug 2035951] CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
by bugzilla＠redhat.com 08 Feb '22

08 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=2035951 errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2022:0467 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2035951

1 0

[Bug 2035951] CVE-2021-44832 log4j-core: remote code execution via JDBC Appender
by bugzilla＠redhat.com 08 Feb '22

08 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=2035951 --- Comment #35 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat AMQ Streams 1.6.7 Via RHSA-2022:0467 https://access.redhat.com/errata/RHSA-2022:0467 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2035951

1 0

[Bug 1594635] CVE-2018-10862 wildfly-common: wildfly-core: Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) [epel-7]
by bugzilla＠redhat.com 08 Feb '22

08 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=1594635 Fedora Admin user for bugzilla script actions <fedora-admin-xmlrpc(a)fedoraproject.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|lef(a)fedoraproject.org |extras-orphan@fedoraproject | |.org --- Comment #2 from Fedora Admin user for bugzilla script actions <fedora-admin-xmlrpc(a)fedoraproject.org> --- This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1594635

1 0

[Bug 1801382] New: CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation [epel-7]
by bugzilla＠redhat.com 08 Feb '22

08 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=1801382 Bug ID: 1801382 Summary: CVE-2020-7226 cryptacular: excessive memory allocation during a decode operation [epel-7] Product: Fedora EPEL Version: epel7 Status: NEW Component: cryptacular Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: lef(a)fedoraproject.org Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: extras-orphan(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, lef(a)fedoraproject.org, puntogil(a)libero.it Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-7. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1504563] CVE-2017-12628 apache-james-project: Java deserialization in the JMX server [epel-7]
by bugzilla＠redhat.com 08 Feb '22

08 Feb '22

https://bugzilla.redhat.com/show_bug.cgi?id=1504563 Fedora Admin user for bugzilla script actions <fedora-admin-xmlrpc(a)fedoraproject.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|lef(a)fedoraproject.org |extras-orphan@fedoraproject | |.org --- Comment #4 from Fedora Admin user for bugzilla script actions <fedora-admin-xmlrpc(a)fedoraproject.org> --- This package has changed maintainer in Fedora. Reassigning to the new maintainer of this component. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1504563

1 0

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits February 2022