https://bugzilla.redhat.com/show_bug.cgi?id=1735117
Bug ID: 1735117
Summary: eclipse-color-theme: FTBFS in Fedora rawhide/f31
Product: Fedora
Version: rawhide
Status: NEW
Component: eclipse-color-theme
Assignee: mat.booth(a)redhat.com
Reporter: releng(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mat.booth(a)redhat.com, mefoster(a)gmail.com
Blocks: 1732841
Target Milestone: ---
Classification: Fedora
eclipse-color-theme failed to build from source in Fedora rawhide/f31
https://koji.fedoraproject.org/koji/taskinfo?taskID=36632908
For details on the mass rebuild see:
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Please fix eclipse-color-theme at your earliest convenience and set the bug's
status to ASSIGNED when you start fixing it. If the bug remains in NEW state
for 8 weeks, eclipse-color-theme will be orphaned. Before branching of Fedora 32,
eclipse-color-theme will be retired, if it still fails to build.
For more details on the FTBFS policy, please visit:
https://fedoraproject.org/wiki/Fails_to_build_from_source
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1732841
[Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1764357
Bug ID: 1764357
Summary: CVE-2019-10401 jenkins: Stored XSS vulnerability in expandable textbox form control
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: abenaiss(a)redhat.com, adam.kaplan(a)redhat.com,
aos-bugs(a)redhat.com, bmontgom(a)redhat.com,
eparis(a)redhat.com, extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jokerman(a)redhat.com,
mizdebsk(a)redhat.com, msrb(a)redhat.com,
nstielau(a)redhat.com, sponnaga(a)redhat.com,
vbobade(a)redhat.com, wzheng(a)redhat.com
Target Milestone: ---
Classification: Other
Jenkins form controls include an expandable textbox that can transform from a
single-line text box to a multi-line text area. The implementation of this
transformation interpreted the text content of the form field as HTML. This
resulted in a cross-site scripting vulnerability exploitable by attackers able
to control the contents of such f:expandableTextbox form controls.
References:
https://jenkins.io/security/advisory/2019-09-25/
https://bugzilla.redhat.com/show_bug.cgi?id=1764370
Bug ID: 1764370
Summary: CVE-2019-10406 jenkins: XSS vulnerability in Jenkins URL setting
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: abenaiss(a)redhat.com, adam.kaplan(a)redhat.com,
aos-bugs(a)redhat.com, bmontgom(a)redhat.com,
eparis(a)redhat.com, extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jokerman(a)redhat.com,
mizdebsk(a)redhat.com, msrb(a)redhat.com,
nstielau(a)redhat.com, sponnaga(a)redhat.com,
vbobade(a)redhat.com, wzheng(a)redhat.com
Target Milestone: ---
Classification: Other
Jenkins did not validate or otherwise limit the possible values administrators
could specify as Jenkins root URL. This resulted in a cross-site scripting
vulnerability exploitable by users with Overall/Administer permission.
References:
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1471
https://bugzilla.redhat.com/show_bug.cgi?id=1764369
Bug ID: 1764369
Summary: CVE-2019-10405 jenkins: Diagnostic web page exposed Cookie HTTP header
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: abenaiss(a)redhat.com, adam.kaplan(a)redhat.com,
aos-bugs(a)redhat.com, bmontgom(a)redhat.com,
eparis(a)redhat.com, extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jokerman(a)redhat.com,
mizdebsk(a)redhat.com, msrb(a)redhat.com,
nstielau(a)redhat.com, sponnaga(a)redhat.com,
vbobade(a)redhat.com, wzheng(a)redhat.com
Target Milestone: ---
Classification: Other
Jenkins shows various technical information about the current user on the
/whoAmI URL. The information shown includes HTTP request headers. This allowed
attackers able to exploit another cross-site scripting vulnerability to obtain
the Cookie header’s value even if the HttpOnly flag would prevent direct access
via JavaScript.
References:
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1505
https://bugzilla.redhat.com/show_bug.cgi?id=1764367
Bug ID: 1764367
Summary: CVE-2019-10404 jenkins: Stored XSS vulnerability in queue item tooltip
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: abenaiss(a)redhat.com, adam.kaplan(a)redhat.com,
aos-bugs(a)redhat.com, bmontgom(a)redhat.com,
eparis(a)redhat.com, extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jokerman(a)redhat.com,
mizdebsk(a)redhat.com, msrb(a)redhat.com,
nstielau(a)redhat.com, sponnaga(a)redhat.com,
vbobade(a)redhat.com, wzheng(a)redhat.com
Target Milestone: ---
Classification: Other
Jenkins did not escape the reason a queue item is blocked in tooltips. This
resulted in a cross-site scripting vulnerability exploitable by attackers able
to control the reason a queue item is blocked, for example a label expression
that does not match idle executors.
References:
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1537%20(2)
https://bugzilla.redhat.com/show_bug.cgi?id=1764366
Bug ID: 1764366
Summary: CVE-2019-10403 jenkins: Stored XSS vulnerability in SCM tag action tooltip
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: abenaiss(a)redhat.com, adam.kaplan(a)redhat.com,
aos-bugs(a)redhat.com, bmontgom(a)redhat.com,
eparis(a)redhat.com, extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jokerman(a)redhat.com,
mizdebsk(a)redhat.com, msrb(a)redhat.com,
nstielau(a)redhat.com, sponnaga(a)redhat.com,
vbobade(a)redhat.com, wzheng(a)redhat.com
Target Milestone: ---
Classification: Other
Jenkins did not escape the tag name on the tooltip for tag actions shown in the
build history. This resulted in a cross-site scripting vulnerability
exploitable by attackers able to control the SCM tag name for these actions.
References:
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1537%20(1)
https://bugzilla.redhat.com/show_bug.cgi?id=1764363
Bug ID: 1764363
Summary: CVE-2019-10402 jenkins: XSS vulnerability in combobox form control
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: abenaiss(a)redhat.com, adam.kaplan(a)redhat.com,
aos-bugs(a)redhat.com, bmontgom(a)redhat.com,
eparis(a)redhat.com, extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jokerman(a)redhat.com,
mizdebsk(a)redhat.com, msrb(a)redhat.com,
nstielau(a)redhat.com, sponnaga(a)redhat.com,
vbobade(a)redhat.com, wzheng(a)redhat.com
Target Milestone: ---
Classification: Other
Jenkins interpreted items added to f:combobox form controls as HTML. This
resulted in a cross-site scripting vulnerability exploitable by attackers able
to control the contents of f:combobox form controls.
References:
https://jenkins.io/security/advisory/2019-09-25/#SECURITY-1525
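The four stored/reflected XSS bugs above (expandable textbox, queue item tooltip, SCM tag tooltip, combobox) share one root cause: attacker-influenced text reached an HTML sink unescaped. The /whoAmI bug adds a second lesson: a diagnostic page must not echo the Cookie header at all. The following JavaScript is an added illustration, not Jenkins code; the `tooltip` markup, the `renderHeaders` page and the sample values are constructed for the example.

```javascript
// Added example (not Jenkins code): escaping at the HTML sink fixes the whole
// class of "value interpreted as HTML" bugs; redaction handles the /whoAmI case.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape a value for element content or a double-quoted attribute (e.g. a tooltip).
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern (hypothetical markup): the raw value becomes part of the
// page, so a quote or a tag in a queue-block reason or SCM tag name is live HTML.
function renderTooltipUnsafe(reason) {
  return `<span tooltip="${reason}">blocked</span>`;
}

// Hardened pattern: same sink, value escaped first.
function renderTooltipSafe(reason) {
  return `<span tooltip="${escapeHtml(reason)}">blocked</span>`;
}

// Headers a diagnostic page must never print, even escaped: HttpOnly only blocks
// document.cookie, not a script that fetches a page which prints the header.
const SENSITIVE_HEADERS = new Set(["cookie", "authorization", "proxy-authorization"]);

// Render request headers for a diagnostic page: redact secrets, escape the rest.
function renderHeaders(headers) {
  const rows = Object.entries(headers).map(([name, value]) => {
    const shown = SENSITIVE_HEADERS.has(name.toLowerCase()) ? "[redacted]" : escapeHtml(value);
    return `<tr><td>${escapeHtml(name)}</td><td>${shown}</td></tr>`;
  });
  return `<table>${rows.join("")}</table>`;
}

// Constructed sample input: a label-expression-style reason carrying a quote and a tag.
const sampleReason = 'There are no nodes with the label "linux" <b>x</b>';
console.log(renderTooltipUnsafe(sampleReason)); // attribute ends early, <b> is live
console.log(renderTooltipSafe(sampleReason));   // quote and tag are inert text
console.log(renderHeaders({ Cookie: "JSESSIONID=abc", "User-Agent": "curl/7.0 <x>" }));
```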
https://bugzilla.redhat.com/show_bug.cgi?id=1742075
Bug ID: 1742075
Summary: glassfish-fastinfoset-1.2.16 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: glassfish-fastinfoset
Keywords: FutureFeature, Triaged
Assignee: ascheel(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: ascheel(a)redhat.com, decathorpe(a)gmail.com,
dmoluguw(a)redhat.com, edewata(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it,
stewardship-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.2.16
Current version/release in rawhide: 1.2.13-12.fc31
URL: https://github.com/eclipse-ee4j/jaxb-fi
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/21051/
https://bugzilla.redhat.com/show_bug.cgi?id=1769162
Bug ID: 1769162
Summary: batik-1.12 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: batik
Keywords: FutureFeature, Triaged
Assignee: stewardship-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, c.david86(a)gmail.com,
decathorpe(a)gmail.com, extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jvanek(a)redhat.com, mizdebsk(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.12
Current version/release in rawhide: 1.11-2.fc31
URL: https://xmlgraphics.apache.org/batik/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/168/