[Bug 1887779] New: CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1887779
Bug ID: 1887779
Summary: CVE-2020-25649 jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) [fedora-all]
Product: Fedora
Version: 32
Status: NEW
Component: jackson-databind
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: mrehak(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
lef(a)fedoraproject.org, puntogil(a)libero.it
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
3 years, 3 months
[Bug 1892848] New: F34FailsToInstall: apache-log4j-extras
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1892848
Bug ID: 1892848
Summary: F34FailsToInstall: apache-log4j-extras
Product: Fedora
Version: rawhide
Status: NEW
Component: apache-log4j-extras
Assignee: moceap(a)hotmail.com
Reporter: mhroncok(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: coolsvap(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
moceap(a)hotmail.com, puntogil(a)libero.it,
rrati(a)redhat.com
Blocks: 1868279 (F34FailsToInstall)
Target Milestone: ---
Classification: Fedora
Hello,
Please note that this comment was generated automatically. If you feel that
this output has mistakes, please contact me via email (mhroncok(a)redhat.com).
Your package (apache-log4j-extras) Fails To Install in Fedora 34:
can't install apache-log4j-extras:
- nothing provides mvn(log4j:log4j:1.2.17) needed by
apache-log4j-extras-1.2.17.1-18.fc33.noarch
If you know about this problem and are planning on fixing it, please
acknowledge so by setting the bug status to ASSIGNED. If you don't have time to
maintain this package, consider orphaning it, so maintainers of dependent
packages realize the problem.
If you don't react accordingly to the policy for FTBFS/FTI bugs
(https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai...),
your package may be orphaned in 8+ weeks.
P.S. The data was generated solely from koji buildroot, so it might be newer
than the latest compose or the content on mirrors.
P.P.S. If this bug has been reported in the middle of upgrading multiple
dependent packages, please consider using side tags:
https://docs.fedoraproject.org/en-US/rawhide-gating/multi-builds/
Thanks!
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1868279
[Bug 1868279] (F34FailsToInstall) - Fedora 34 Fails To install Tracker
[Bug 1902189] New: jctools-3.2.0 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1902189
Bug ID: 1902189
Summary: jctools-3.2.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jctools
Keywords: FutureFeature, Triaged
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it, roman(a)fenkhuber.at
Target Milestone: ---
Classification: Fedora
Latest upstream release: 3.2.0
Current version/release in rawhide: 3.1.0-1.fc34
URL: https://github.com/JCTools/JCTools
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/89333/
[Bug 1902426] New: maven-wagon-3.4.2 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1902426
Bug ID: 1902426
Summary: maven-wagon-3.4.2 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: maven-wagon
Keywords: FutureFeature, Triaged
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: dbhole(a)redhat.com, decathorpe(a)gmail.com,
fnasser(a)redhat.com, jaromir.capik(a)email.cz,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, yyang(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 3.4.2
Current version/release in rawhide: 3.4.1-3.fc33
URL: http://maven.apache.org/wagon
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/1947/
[Bug 1902202] New: felix-utils-1.11.6 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1902202
Bug ID: 1902202
Summary: felix-utils-1.11.6 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: felix-utils
Keywords: FutureFeature, Triaged
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com, jaromir.capik(a)email.cz,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.11.6
Current version/release in rawhide: 1.11.4-3.fc33
URL: http://www.apache.org/dist/felix/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/799/
[Bug 1910676] New: mojo-parent-60 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1910676
Bug ID: 1910676
Summary: mojo-parent-60 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: mojo-parent
Keywords: FutureFeature, Triaged
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 60
Current version/release in rawhide: 50-3.fc33
URL: http://www.mojohaus.org/mojo-parent/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/2005/
[Bug 1910186] New: plexus-pom-7 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1910186
Bug ID: 1910186
Summary: plexus-pom-7 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: plexus-pom
Keywords: FutureFeature, Triaged
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, puntogil(a)libero.it
Target Milestone: ---
Classification: Fedora
Latest upstream release: 7
Current version/release in rawhide: 6.5-1.fc34
URL: https://github.com/codehaus-plexus/plexus-pom
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/20412/
[Bug 1857976] New: jblas fails to build with java-11-openjdk
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1857976
Bug ID: 1857976
Summary: jblas fails to build with java-11-openjdk
Product: Fedora
Version: rawhide
Hardware: All
OS: All
Status: NEW
Component: jblas
Severity: high
Assignee: zbyszek(a)in.waw.pl
Reporter: jvanek(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jvanek(a)redhat.com, sgehwolf(a)redhat.com,
zbyszek(a)in.waw.pl
Blocks: 1825969 (Java11)
Target Milestone: ---
Classification: Fedora
jblas fails to build with java-11-openjdk as system JDK. See
https://fedoraproject.org/wiki/Changes/Java11 .
See especially part about known failures:
https://fedoraproject.org/wiki/Changes/Java11#common_issues_packagers_can...
For the build logs, see:
https://koji.fedoraproject.org/koji/taskinfo?taskID=47153609
We ran the rebuild longer than 10 days ago. Log may be gone. Also your package
may be passing in regular rawhide.
To reproduce, simply: fedpkg clone jblas; cd jblas; fedpkg build --target
f33-java11; #The target is crucial.
We ran two reruns; your package failed both.
We had tried 650 packages, and 500 had passed, so the java-11-openjdk will be
system JDK in f33, and you should fix your package if you want to keep it
alive. Usually the fix is simple, and best is to update the package to latest
upstream version.
There will be the usual mass rebuild once f33 branches. You may get another FTBFS
bug.
Let us know here if you have any questions, here in bug, or at
java-devel(a)lists.fedoraproject.org .
We'd appreciate help from the people who know this package best, but if you
don't want to work on this now, let us know so we can try to work around it on
our side if needed.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1825969
[Bug 1825969] java-11-openjdk as system JDK in F33
[Bug 1690417] New: Newer version of plantuml available 1.2019.3
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1690417
Bug ID: 1690417
Summary: Newer version of plantuml available 1.2019.3
Product: Fedora
Version: rawhide
Hardware: All
OS: All
Status: NEW
Component: plantuml
Severity: medium
Assignee: jsafrane(a)redhat.com
Reporter: elavarde(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
jsafrane(a)redhat.com, puntogil(a)libero.it
Target Milestone: ---
Classification: Fedora
Description of problem:
The current packaged version of plantuml is 8033 and roughly 2 years old. Since
then there is a newer version 1.2019.3 and it would be nice to get it packaged.
Version-Release number of selected component (if applicable):
plantuml-8033-8.fc29.noarch
Additional info:
While you're packaging, two things to consider:
- the package must depend on graphviz to work (else it fails on missing `dot`)
- the Language Reference Guide should be packaged as well
[Bug 1911503] New: CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1911503
Bug ID: 1911503
Summary: CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: jackson-databind
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
lef(a)fedoraproject.org, puntogil(a)libero.it
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.