java-sig-commits January 2020

java-sig-commits@lists.fedoraproject.org

1 participants
440 discussions

[Bug 1738673] CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS
by bugzilla＠redhat.com 21 Jan '20

21 Jan '20

https://bugzilla.redhat.com/show_bug.cgi?id=1738673 --- Comment #24 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 Via RHSA-2020:0159 https://access.redhat.com/errata/RHSA-2020:0159 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1738673] CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS
by bugzilla＠redhat.com 21 Jan '20

21 Jan '20

https://bugzilla.redhat.com/show_bug.cgi?id=1738673 errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Link ID| |Red Hat Product Errata | |RHSA-2020:0164 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1738673] CVE-2019-10219 hibernate-validator: safeHTML validator allows XSS
by bugzilla＠redhat.com 21 Jan '20

21 Jan '20

https://bugzilla.redhat.com/show_bug.cgi?id=1738673 --- Comment #23 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2020:0164 https://access.redhat.com/errata/RHSA-2020:0164 -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1238245] maven-ear-plugin-3.0.2 is available
by bugzilla＠redhat.com 19 Jan '20

19 Jan '20

https://bugzilla.redhat.com/show_bug.cgi?id=1238245 Miro Hrončok <mhroncok(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |WONTFIX Last Closed| |2020-01-19 22:44:03 --- Comment #7 from Miro Hrončok <mhroncok(a)redhat.com> --- Automation has figured out the package is retired in rawhide. If you like it to be unretired, please open a ticket at https://pagure.io/releng/new_issue?template=package_unretirement -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1792097] New: stringtemplate4-4.3 is available
by bugzilla＠redhat.com 17 Jan '20

17 Jan '20

https://bugzilla.redhat.com/show_bug.cgi?id=1792097 Bug ID: 1792097 Summary: stringtemplate4-4.3 is available Product: Fedora Version: rawhide Status: NEW Component: stringtemplate4 Keywords: FutureFeature, Triaged Assignee: loganjerry(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, lef(a)fedoraproject.org, loganjerry(a)gmail.com, mizdebsk(a)redhat.com, sochotni(a)redhat.com, xjakub(a)fi.muni.cz Target Milestone: --- Classification: Fedora Latest upstream release: 4.3 Current version/release in rawhide: 4.2-1.fc32 URL: http://www.stringtemplate.org/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/41953/ -- You are receiving this mail because: You are on the CC list for the bug.

1 1

[Bug 1596974] antlr4-4.8 is available
by bugzilla＠redhat.com 17 Jan '20

17 Jan '20

https://bugzilla.redhat.com/show_bug.cgi?id=1596974 Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|antlr4-4.7.1 is available |antlr4-4.8 is available --- Comment #1 from Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> --- Latest upstream release: 4.8 Current version/release in rawhide: 4.5.2-8.fc31 URL: http://www.antlr.org/index.html Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/14373/ -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1768663] New: jetty, jetty-spring and jetty-cdi cannot be installed
by bugzilla＠redhat.com 17 Jan '20

17 Jan '20

https://bugzilla.redhat.com/show_bug.cgi?id=1768663 Bug ID: 1768663 Summary: jetty, jetty-spring and jetty-cdi cannot be installed Product: Fedora Version: 31 Status: NEW Component: jetty Assignee: mat.booth(a)redhat.com Reporter: phil(a)fifi.org QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com, mat.booth(a)redhat.com, mizdebsk(a)redhat.com, sochotni(a)redhat.com Target Milestone: --- Classification: Fedora Description of problem: None of jetty, jetty-spring and jetty-cdi can be installed on Fedora 31. Version-Release number of selected component (if applicable): jetty-9.4.19-2.v20190610.fc31.noarch jetty-cdi-9.4.19-2.v20190610.fc31.noarch jetty-spring-9.4.19-2.v20190610.fc31.noarch How reproducible: Always Steps to Reproduce: 1. dnf install jetty-9.4.19-2.v20190610.fc31.noarch jetty-cdi-9.4.19-2.v20190610.fc31.noarch jetty-spring-9.4.19-2.v20190610.fc31.noarch Actual results: Error: Problem 1: conflicting requests - nothing provides mvn(org.springframework:spring-beans) needed by jetty-spring-9.4.19-2.v20190610.fc31.noarch Problem 2: conflicting requests - nothing provides mvn(org.jboss.weld.servlet:weld-servlet-core) needed by jetty-cdi-9.4.19-2.v20190610.fc31.noarch Problem 3: conflicting requests - package jetty-9.4.19-2.v20190610.fc31.noarch requires jetty-spring = 9.4.19-2.v20190610.fc31, but none of the providers can be installed - nothing provides mvn(org.springframework:spring-beans) needed by jetty-spring-9.4.19-2.v20190610.fc31.noarch Expected results: Packages should be installed. Additional info: -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1781215] New: CVE-2019-17632 jetty: generation of default unhandled error response content does not escape exception messages in stacktraces included in error output [fedora-all]
by bugzilla＠redhat.com 17 Jan '20

17 Jan '20

https://bugzilla.redhat.com/show_bug.cgi?id=1781215 Bug ID: 1781215 Summary: CVE-2019-17632 jetty: generation of default unhandled error response content does not escape exception messages in stacktraces included in error output [fedora-all] Product: Fedora Version: 31 Status: NEW Component: jetty Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mat.booth(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com, mat.booth(a)redhat.com, mizdebsk(a)redhat.com, sochotni(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 977249] htmlcleaner-2.23 is available
by bugzilla＠redhat.com 17 Jan '20

17 Jan '20

https://bugzilla.redhat.com/show_bug.cgi?id=977249 Fedora Admin XMLRPC Client <fedora-admin-xmlrpc(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|Marcin.Dulak(a)gmail.com |extras-orphan@fedoraproject | |.org --- Comment #53 from Fedora Admin XMLRPC Client <fedora-admin-xmlrpc(a)redhat.com> --- This package has changed maintainer in the Fedora. Reassigning to the new maintainer of this component. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1261538] CVE-2015-5262 jakarta-commons-httpclient, httpcomponents-core: missing HTTPS connection timeout
by bugzilla＠redhat.com 16 Jan '20

16 Jan '20

https://bugzilla.redhat.com/show_bug.cgi?id=1261538 Bug 1261538 depends on bug 1692289, which changed state. Bug 1692289 Summary: Fix for CVE-2015-5262 not backported to 4.2.x https://bugzilla.redhat.com/show_bug.cgi?id=1692289 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |INSUFFICIENT_DATA -- You are receiving this mail because: You are on the CC list for the bug.

1 0

← Newer
1
...
35
36
37
38
39
40
41
...
44
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits January 2020