https://bugzilla.redhat.com/show_bug.cgi?id=2173753
Bug ID: 2173753
Summary: CVE-2023-24998 apache-commons-fileupload: Apache Commons FileUpload: FileUpload DoS with excessive parts [fedora-all]
Product: Fedora
Version: 37
Status: NEW
Component: apache-commons-fileupload
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: jjelen(a)redhat.com
Reporter: chazlett(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjelen(a)redhat.com, mizdebsk(a)redhat.com, SpikeFedora(a)gmail.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2172298
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2173753
https://bugzilla.redhat.com/show_bug.cgi?id=2137238
Bug ID: 2137238
Summary: lucene-9.4.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: lucene
Keywords: FutureFeature, Triaged
Assignee: mkoncek(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: dbhole(a)redhat.com, dchen(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com, mkoncek(a)redhat.com, rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Releases retrieved: 9.4.1
Upstream release that is considered latest: 9.4.1
Current version/release in rawhide: 9.4.0-1.fc38
URL: http://lucene.apache.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/7178/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/lucene
https://bugzilla.redhat.com/show_bug.cgi?id=1978762
Bug ID: 1978762
Summary: slf4j-2.0.0-alpha2 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: slf4j
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: alexander.m.scheel(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, jmagne(a)redhat.com, mizdebsk(a)redhat.com, mkdineshprasanth(a)gmail.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 2.0.0-alpha2
Current version/release in rawhide: 1.7.30-9.fc35
URL: http://www.slf4j.org/download.html
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/4831/
https://bugzilla.redhat.com/show_bug.cgi?id=1955315
Bug ID: 1955315
Summary: mockito-3.9.10 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: mockito
Keywords: FutureFeature, Triaged
Assignee: stuart(a)gathman.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, java-maint-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, mat.booth(a)gmail.com, mizdebsk(a)redhat.com, projects.rg(a)smart.ms, roman(a)fenkhuber.at, stuart(a)gathman.org
Target Milestone: ---
Classification: Fedora
Latest upstream release: 3.9.10
Current version/release in rawhide: 3.5.13-2.fc34
URL: http://mockito.org
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/7297/
https://bugzilla.redhat.com/show_bug.cgi?id=2094142
Bug ID: 2094142
Summary: maven-surefire-3.0.0-M7 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: maven-surefire
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: dbhole(a)redhat.com, jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Releases retrieved: 3.0.0-M7
Upstream release that is considered latest: 3.0.0-M7
Current version/release in rawhide: 3.0.0~M6-2.fc37
URL: http://maven.apache.org/surefire/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/1944/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/maven-surefire
https://bugzilla.redhat.com/show_bug.cgi?id=2138977
Bug ID: 2138977
Summary: apache-commons-compress-1.22 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: apache-commons-compress
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, mkoncek(a)redhat.com, SpikeFedora(a)gmail.com
Target Milestone: ---
Classification: Fedora
Releases retrieved: 1.22
Upstream release that is considered latest: 1.22
Current version/release in rawhide: 1.21-4.fc38
URL: http://commons.apache.org/proper/commons-compress/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/62/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/apache-commons-compress
https://bugzilla.redhat.com/show_bug.cgi?id=2160817
Bug ID: 2160817
Summary: CVE-2022-46457 nasm: segmentation fault in ieee_write_file() in output/outieee.c [fedora-all]
Product: Fedora
Version: 37
Status: NEW
Component: nasm
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: dominik(a)greysector.net
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, pbonzini(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2160811
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
https://bugzilla.redhat.com/show_bug.cgi?id=2157643
Bug ID: 2157643
Summary: CVE-2022-4245 maven-source-plugin: codehaus-plexus: XML External Entity (XXE) Injection [fedora-37]
Product: Fedora
Version: 37
Status: NEW
Component: maven-source-plugin
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mizdebsk(a)redhat.com
Reporter: pdelbell(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2149843
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
https://bugzilla.redhat.com/show_bug.cgi?id=2157642
Bug ID: 2157642
Summary: CVE-2022-4245 maven-plugin-bundle: codehaus-plexus: XML External Entity (XXE) Injection [fedora-37]
Product: Fedora
Version: 37
Status: NEW
Component: maven-plugin-bundle
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mizdebsk(a)redhat.com
Reporter: pdelbell(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2149843
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
https://bugzilla.redhat.com/show_bug.cgi?id=2157641
Bug ID: 2157641
Summary: CVE-2022-4245 maven-compiler-plugin: codehaus-plexus: XML External Entity (XXE) Injection [fedora-37]
Product: Fedora
Version: 37
Status: NEW
Component: maven-compiler-plugin
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mizdebsk(a)redhat.com
Reporter: pdelbell(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2149843
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.