java-sig-commits June 2020

java-sig-commits@lists.fedoraproject.org

1 participants
390 discussions

[Bug 1847885] Failed to build rpms for tomcat 8.5.56 source code.
by bugzilla＠redhat.com 20 Jun '20

20 Jun '20

https://bugzilla.redhat.com/show_bug.cgi?id=1847885 hemanth <hemanthdasari453(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(hemanthdasari453@ | |gmail.com) | --- Comment #5 from hemanth <hemanthdasari453(a)gmail.com> --- Thank you !!! As per your comment, the dependencies required by 8.X,9.X or latest versions of tomcat is not provided by RHEL7 or centos. I have tried to build the 8.x latest tomcat rpms on the Fedora32 distribution which is providing all latest dependencies like javapackages-local,maven-local,pyhton3 ..etc utililty packages. It's working now. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1848967] New: CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms [fedora-all]
by bugzilla＠redhat.com 19 Jun '20

19 Jun '20

https://bugzilla.redhat.com/show_bug.cgi?id=1848967 Bug ID: 1848967 Summary: CVE-2020-14061 jackson-databind: serialization in weblogic/oracle-aqjms [fedora-all] Product: Fedora Version: 32 Status: NEW Component: jackson-databind Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: decathorpe(a)gmail.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: decathorpe(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, lef(a)fedoraproject.org, puntogil(a)libero.it, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1848963] New: CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool [fedora-all]
by bugzilla＠redhat.com 19 Jun '20

19 Jun '20

https://bugzilla.redhat.com/show_bug.cgi?id=1848963 Bug ID: 1848963 Summary: CVE-2020-14062 jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnecti onPool [fedora-all] Product: Fedora Version: 32 Status: NEW Component: jackson-databind Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: decathorpe(a)gmail.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: decathorpe(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, lef(a)fedoraproject.org, puntogil(a)libero.it, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1848968] New: CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool [fedora-all]
by bugzilla＠redhat.com 19 Jun '20

19 Jun '20

https://bugzilla.redhat.com/show_bug.cgi?id=1848968 Bug ID: 1848968 Summary: CVE-2020-14060 jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool [fedora-all] Product: Fedora Version: 32 Status: NEW Component: jackson-databind Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: decathorpe(a)gmail.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: decathorpe(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, lef(a)fedoraproject.org, puntogil(a)libero.it, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1848961] New: CVE-2020-14060 jackson-databind: serialization gadgets in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool [fedora-all]
by bugzilla＠redhat.com 19 Jun '20

19 Jun '20

https://bugzilla.redhat.com/show_bug.cgi?id=1848961 Bug ID: 1848961 Summary: CVE-2020-14060 jackson-databind: serialization gadgets in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool [fedora-all] Product: Fedora Version: 32 Status: NEW Component: jackson-databind Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: decathorpe(a)gmail.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: decathorpe(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, lef(a)fedoraproject.org, puntogil(a)libero.it, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1848959] New: CVE-2020-14195 jackson-databind: mishandling of interaction between serialization gadgets and typing [fedora-all]
by bugzilla＠redhat.com 19 Jun '20

19 Jun '20

https://bugzilla.redhat.com/show_bug.cgi?id=1848959 Bug ID: 1848959 Summary: CVE-2020-14195 jackson-databind: mishandling of interaction between serialization gadgets and typing [fedora-all] Product: Fedora Version: 32 Status: NEW Component: jackson-databind Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: decathorpe(a)gmail.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: decathorpe(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, lef(a)fedoraproject.org, puntogil(a)libero.it, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1847885] Failed to build rpms for tomcat 8.5.56 source code.
by bugzilla＠redhat.com 17 Jun '20

17 Jun '20

1 0

[Bug 1577416] aqute-bnd-5.1.1 is available
by bugzilla＠redhat.com 17 Jun '20

17 Jun '20

https://bugzilla.redhat.com/show_bug.cgi?id=1577416 Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|aqute-bnd-5.1.0 is |aqute-bnd-5.1.1 is |available |available --- Comment #7 from Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> --- Latest upstream release: 5.1.1 Current version/release in rawhide: 3.5.0-8.fc32 URL: http://bnd.bndtools.org/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/98/ -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1595621] CVE-2017-7658 jetty: Incorrect header handling
by bugzilla＠redhat.com 16 Jun '20

16 Jun '20

https://bugzilla.redhat.com/show_bug.cgi?id=1595621 --- Comment #8 from Chess Hazlett <chazlett(a)redhat.com> --- Statement: This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/. This issue affects the version of jetty in Red Hat Data Grid 7's agent-bond utility, which is deprecated and only available for backward compatibility. Customers should use Prometheus JMX instead. This flaw does not affect Red Hat Data Grid 8. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1831446] New: FTI: netty: netty
by bugzilla＠redhat.com 16 Jun '20

16 Jun '20

https://bugzilla.redhat.com/show_bug.cgi?id=1831446 Bug ID: 1831446 Summary: FTI: netty: netty Product: Fedora Version: rawhide Status: NEW Component: netty Assignee: mat.booth(a)redhat.com Reporter: i.gnatenko.brain(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: decathorpe(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, mat.booth(a)redhat.com, sochotni(a)redhat.com Blocks: 1803235 (F33FailsToInstall) Target Milestone: --- Classification: Fedora Hello, Your package (netty) Fails To Install in Fedora 33: --- can't install netty-4.1.13-15.fc33.x86_64: - nothing provides mvn(com.fasterxml:aalto-xml) needed by netty-4.1.13-15.fc33.x86_64 --- According to a policy for FTBFS/FTI bugs (https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails…), your package may be orphaned in 8+ weeks if you won't reply to this bug. Thanks! Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1803235 [Bug 1803235] (F33FailsToInstall) - Fedora 33 Fails To install Tracker -- You are receiving this mail because: You are on the CC list for the bug.

1 8

← Newer
1
...
29
30
31
32
33
34
35
...
39
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits June 2020