February 2017 - java-sig-commits - Fedora Mailing-Lists

[Bug 1421525] New: maven-archetype-3.0.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1421525 Bug ID: 1421525 Summary: maven-archetype-3.0.0 is available Product: Fedora Version: rawhide Component: maven-archetype Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 3.0.0 Current version/release in rawhide: 2.4-3.fc25 URL: http://repo.maven.apache.org/maven2/org/apache/maven/archetype/maven-arch... Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/1899/ -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 1 month

1
1
0 / 0

[Bug 1338397] New: apache-commons-vfs-2.1 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1338397 Bug ID: 1338397 Summary: apache-commons-vfs-2.1 is available Product: Fedora Version: rawhide Component: apache-commons-vfs Keywords: FutureFeature, Triaged Assignee: puntogil(a)libero.it Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com, puntogil(a)libero.it Latest upstream release: 2.1 Current version/release in rawhide: 2.0-17.fc24 URL: http://archive.apache.org/dist/commons/vfs/source/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/85/ -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

2
9
0 / 0

[Bug 1422297] New: slf4j-1.7.23 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1422297 Bug ID: 1422297 Summary: slf4j-1.7.23 is available Product: Fedora Version: rawhide Component: slf4j Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 1.7.23 Current version/release in rawhide: 1.7.22-1.fc26 URL: http://www.slf4j.org/download.html Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/4831/ -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
4
0 / 0

[Bug 1421885] New: felix-utils-1.9.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1421885 Bug ID: 1421885 Summary: felix-utils-1.9.0 is available Product: Fedora Version: rawhide Component: felix-utils Keywords: FutureFeature, Triaged Assignee: msimacek(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 1.9.0 Current version/release in rawhide: 1.8.6-1.fc26 URL: http://www.apache.org/dist/felix/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/799/ -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
1
0 / 0

[Bug 1422284] New: apache-commons-net-3.6 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1422284 Bug ID: 1422284 Summary: apache-commons-net-3.6 is available Product: Fedora Version: rawhide Component: apache-commons-net Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com, SpikeFedora(a)gmail.com Latest upstream release: 3.6 Current version/release in rawhide: 3.5-2.fc26 URL: http://www.apache.org/dist/commons/net/source/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/81/ -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
1
0 / 0

[Bug 1418707] New: CVE-2017-2601 jenkins: Persisted cross-site scripting vulnerability in parameter names and descriptions (SECURITY-353)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1418707 Bug ID: 1418707 Summary: CVE-2017-2601 jenkins: Persisted cross-site scripting vulnerability in parameter names and descriptions (SECURITY-353) Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dedgar(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jgoulding(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, kseifried(a)redhat.com, mizdebsk(a)redhat.com, msrb(a)redhat.com, tdawson(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: Users with the permission to configure jobs were able to inject JavaScript into parameter names and descriptions. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20... Upstream patch: https://github.com/jenkinsci/jenkins/commit/fd2e081b947124c90bcd97bfc55e1... -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
4
0 / 0

[Bug 1418703] New: CVE-2017-2600 jenkins: Node monitor data could be viewed by low privilege users (SECURITY-343)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1418703 Bug ID: 1418703 Summary: CVE-2017-2600 jenkins: Node monitor data could be viewed by low privilege users (SECURITY-343) Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dedgar(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jgoulding(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, kseifried(a)redhat.com, mizdebsk(a)redhat.com, msrb(a)redhat.com, tdawson(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: Overall/Read permission was sufficient to access node monitor data via the remote API. These included system configuration and runtime information of these nodes. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20... Upstream patch: https://github.com/jenkinsci/jenkins/commit/0f92cd08a19207de2cceb6a2f4e3e... -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
4
0 / 0

[Bug 1418698] New: CVE-2017-2599 jenkins: Items could be created with same name as existing item (SECURITY-321)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1418698 Bug ID: 1418698 Summary: CVE-2017-2599 jenkins: Items could be created with same name as existing item (SECURITY-321) Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dedgar(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jgoulding(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, kseifried(a)redhat.com, mizdebsk(a)redhat.com, msrb(a)redhat.com, tdawson(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: An insufficient permission check allowed users with the permission to create new items (e.g. jobs) to overwrite existing items they don't have access to. After a Jenkins restart, children of the original item, such as builds, were then accessible in some circumstances. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20... Upstream patch: https://github.com/jenkinsci/jenkins/commit/4ed5c850b6855ab064a66d02fb338... -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
4
0 / 0

[Bug 1418730] New: CVE-2017-2612 jenkins: Low privilege users were able to override JDK download credentials ( SECURITY-392)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1418730 Bug ID: 1418730 Summary: CVE-2017-2612 jenkins: Low privilege users were able to override JDK download credentials (SECURITY-392) Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dedgar(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jgoulding(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, kseifried(a)redhat.com, mizdebsk(a)redhat.com, msrb(a)redhat.com, tdawson(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: Jenkins allows administrators to enter their username and password to the Oracle download site which provides JDKs for download. Users with read access to Jenkins were able to override these credentials, resulting in future builds possibly failing to download a JDK. A permission check has been added. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20... Upstream patch: https://github.com/jenkinsci/jenkins/commit/b0ed9669bc00dbccf1be6896bb527... -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
4
0 / 0

[Bug 1418729] New: CVE-2017-2611 jenkins: Insufficient permission check for periodic processes (SECURITY-389)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1418729 Bug ID: 1418729 Summary: CVE-2017-2611 jenkins: Insufficient permission check for periodic processes (SECURITY-389) Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dedgar(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jgoulding(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, kseifried(a)redhat.com, mizdebsk(a)redhat.com, msrb(a)redhat.com, tdawson(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: The URLs /workspaceCleanup and /fingerprintCleanup did not perform permission checks, allowing users with read access to Jenkins to trigger these background processes (that are otherwise performed daily), possibly causing additional load on Jenkins master and agents. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20... Upstream patch: https://github.com/jenkinsci/jenkins/commit/97a61a9fe55f4c16168c123f98301... -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits February 2017