java-sig-commits March 2023

java-sig-commits@lists.fedoraproject.org

1 participants
280 discussions

[Bug 2173753] New: CVE-2023-24998 apache-commons-fileupload: Apache Commons FileUpload: FileUpload DoS with excessive parts [fedora-all]
by bugzilla＠redhat.com 12 Jan '24

12 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=2173753 Bug ID: 2173753 Summary: CVE-2023-24998 apache-commons-fileupload: Apache Commons FileUpload: FileUpload DoS with excessive parts [fedora-all] Product: Fedora Version: 37 Status: NEW Component: apache-commons-fileupload Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: jjelen(a)redhat.com Reporter: chazlett(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjelen(a)redhat.com, mizdebsk(a)redhat.com, SpikeFedora(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2172298 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2173753

1 5

[Bug 2137238] New: lucene-9.4.1 is available
by bugzilla＠redhat.com 11 Jan '24

11 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=2137238 Bug ID: 2137238 Summary: lucene-9.4.1 is available Product: Fedora Version: rawhide Status: NEW Component: lucene Keywords: FutureFeature, Triaged Assignee: mkoncek(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: dbhole(a)redhat.com, dchen(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com, mkoncek(a)redhat.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora Releases retrieved: 9.4.1 Upstream release that is considered latest: 9.4.1 Current version/release in rawhide: 9.4.0-1.fc38 URL: http://lucene.apache.org/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/7178/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/lucene -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2137238

1 14

[Bug 1978762] New: slf4j-2.0.0-alpha2 is available
by bugzilla＠redhat.com 04 Jan '24

04 Jan '24

https://bugzilla.redhat.com/show_bug.cgi?id=1978762 Bug ID: 1978762 Summary: slf4j-2.0.0-alpha2 is available Product: Fedora Version: rawhide Status: NEW Component: slf4j Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: alexander.m.scheel(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, jmagne(a)redhat.com, mizdebsk(a)redhat.com, mkdineshprasanth(a)gmail.com Target Milestone: --- Classification: Fedora Latest upstream release: 2.0.0-alpha2 Current version/release in rawhide: 1.7.30-9.fc35 URL: http://www.slf4j.org/download.html Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/4831/ -- You are receiving this mail because: You are on the CC list for the bug.

1 19

[Bug 1955315] New: mockito-3.9.10 is available
by bugzilla＠redhat.com 15 Dec '23

15 Dec '23

https://bugzilla.redhat.com/show_bug.cgi?id=1955315 Bug ID: 1955315 Summary: mockito-3.9.10 is available Product: Fedora Version: rawhide Status: NEW Component: mockito Keywords: FutureFeature, Triaged Assignee: stuart(a)gathman.org Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, java-maint-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, mat.booth(a)gmail.com, mizdebsk(a)redhat.com, projects.rg(a)smart.ms, roman(a)fenkhuber.at, stuart(a)gathman.org Target Milestone: --- Classification: Fedora Latest upstream release: 3.9.10 Current version/release in rawhide: 3.5.13-2.fc34 URL: http://mockito.org Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/7297/ -- You are receiving this mail because: You are on the CC list for the bug.

1 40

[Bug 2094142] New: maven-surefire-3.0.0-M7 is available
by bugzilla＠redhat.com 15 Dec '23

15 Dec '23

https://bugzilla.redhat.com/show_bug.cgi?id=2094142 Bug ID: 2094142 Summary: maven-surefire-3.0.0-M7 is available Product: Fedora Version: rawhide Status: NEW Component: maven-surefire Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: dbhole(a)redhat.com, jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora Releases retrieved: 3.0.0-M7 Upstream release that is considered latest: 3.0.0-M7 Current version/release in rawhide: 3.0.0~M6-2.fc37 URL: http://maven.apache.org/surefire/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/1944/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/maven-surefire -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2094142

1 11

[Bug 2138977] New: apache-commons-compress-1.22 is available
by bugzilla＠redhat.com 08 Dec '23

08 Dec '23

https://bugzilla.redhat.com/show_bug.cgi?id=2138977 Bug ID: 2138977 Summary: apache-commons-compress-1.22 is available Product: Fedora Version: rawhide Status: NEW Component: apache-commons-compress Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, mkoncek(a)redhat.com, SpikeFedora(a)gmail.com Target Milestone: --- Classification: Fedora Releases retrieved: 1.22 Upstream release that is considered latest: 1.22 Current version/release in rawhide: 1.21-4.fc38 URL: http://commons.apache.org/proper/commons-compress/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M… Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/62/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/apache-commons-compress -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2138977

1 4

[Bug 2160817] New: CVE-2022-46457 nasm: segmentation fault in ieee_write_file() in output/outieee.c [fedora-all]
by bugzilla＠redhat.com 07 Dec '23

07 Dec '23

https://bugzilla.redhat.com/show_bug.cgi?id=2160817 Bug ID: 2160817 Summary: CVE-2022-46457 nasm: segmentation fault in ieee_write_file() in output/outieee.c [fedora-all] Product: Fedora Version: 37 Status: NEW Component: nasm Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: dominik(a)greysector.net Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, pbonzini(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2160811 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2160817

1 4

[Bug 2157643] New: CVE-2022-4245 maven-source-plugin: codehaus-plexus: XML External Entity (XXE) Injection [fedora-37]
by bugzilla＠redhat.com 06 Dec '23

06 Dec '23

https://bugzilla.redhat.com/show_bug.cgi?id=2157643 Bug ID: 2157643 Summary: CVE-2022-4245 maven-source-plugin: codehaus-plexus: XML External Entity (XXE) Injection [fedora-37] Product: Fedora Version: 37 Status: NEW Component: maven-source-plugin Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mizdebsk(a)redhat.com Reporter: pdelbell(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2149843 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2157643

1 4

[Bug 2157642] New: CVE-2022-4245 maven-plugin-bundle: codehaus-plexus: XML External Entity (XXE) Injection [fedora-37]
by bugzilla＠redhat.com 06 Dec '23

06 Dec '23

https://bugzilla.redhat.com/show_bug.cgi?id=2157642 Bug ID: 2157642 Summary: CVE-2022-4245 maven-plugin-bundle: codehaus-plexus: XML External Entity (XXE) Injection [fedora-37] Product: Fedora Version: 37 Status: NEW Component: maven-plugin-bundle Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mizdebsk(a)redhat.com Reporter: pdelbell(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2149843 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2157642

1 4

[Bug 2157641] New: CVE-2022-4245 maven-compiler-plugin: codehaus-plexus: XML External Entity (XXE) Injection [fedora-37]
by bugzilla＠redhat.com 06 Dec '23

06 Dec '23

https://bugzilla.redhat.com/show_bug.cgi?id=2157641 Bug ID: 2157641 Summary: CVE-2022-4245 maven-compiler-plugin: codehaus-plexus: XML External Entity (XXE) Injection [fedora-37] Product: Fedora Version: 37 Status: NEW Component: maven-compiler-plugin Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mizdebsk(a)redhat.com Reporter: pdelbell(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2149843 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2157641

1 4

← Newer
1
2
3
4
5
6
7
8
...
28
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits March 2023