[Bug 1931311] New: snakeyaml-1.28 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1931311
Bug ID: 1931311
Summary: snakeyaml-1.28 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: snakeyaml
Keywords: FutureFeature, Triaged
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com, jaromir.capik(a)email.cz,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, mo(a)morsi.org
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.28
Current version/release in rawhide: 1.27-2.fc34
URL: https://bitbucket.org/asomov/snakeyaml/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/4842/
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 7 months
[Bug 1860184] New: xbean-4.17 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1860184
Bug ID: 1860184
Summary: xbean-4.17 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: xbean
Keywords: FutureFeature, Triaged
Assignee: stewardship-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
jjelen(a)redhat.com, krzysztof.daniel(a)gmail.com,
mizdebsk(a)redhat.com, sochotni(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Latest upstream release: 4.17
Current version/release in rawhide: 4.15-2.fc32
URL: https://geronimo.apache.org/xbean/index.html
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/5162/
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 7 months
[Bug 1950707] New: easymock-4.3 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1950707
Bug ID: 1950707
Summary: easymock-4.3 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: easymock
Keywords: FutureFeature, Triaged
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: dbhole(a)redhat.com, decathorpe(a)gmail.com,
fnasser(a)redhat.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 4.3
Current version/release in rawhide: 4.2-2.fc34
URL: http://www.easymock.org
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/649/
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 7 months
[Bug 1745960] New: Request to build tomcat for EPEL 8
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1745960
Bug ID: 1745960
Summary: Request to build tomcat for EPEL 8
Product: Fedora EPEL
Version: el6
Status: NEW
Component: tomcat
Assignee: ivan.afonichev(a)gmail.com
Reporter: adam.winberg(a)smhi.se
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com, coolsvap(a)gmail.com,
csutherl(a)redhat.com, ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com
Target Milestone: ---
Classification: Fedora
Tomcat is not available from official Red Hat repos in RHEL8, so no conflict
should exist?
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 7 months
[Bug 1934116] New: CVE-2020-27223 jetty: request containing multiple Accept headers with a large number of "quality" parameters may lead to DoS
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1934116
Bug ID: 1934116
Summary: CVE-2020-27223 jetty: request containing multiple
Accept headers with a large number of "quality"
parameters may lead to DoS
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: abenaiss(a)redhat.com, aboyko(a)redhat.com,
aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, aos-bugs(a)redhat.com,
ataylor(a)redhat.com, bibryam(a)redhat.com,
bmontgom(a)redhat.com, chazlett(a)redhat.com,
drieden(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
eparis(a)redhat.com, etirelli(a)redhat.com,
ganandan(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gvarsami(a)redhat.com,
hbraun(a)redhat.com, ibek(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jjohnstn(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, krzysztof.daniel(a)gmail.com,
kverlaen(a)redhat.com, ldimaggi(a)redhat.com,
mat.booth(a)redhat.com, mcermak(a)redhat.com,
mizdebsk(a)redhat.com, mnovotny(a)redhat.com,
mprchlik(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, pantinor(a)redhat.com,
patrickm(a)redhat.com, pbhattac(a)redhat.com,
pdrozd(a)redhat.com, pjindal(a)redhat.com,
rrajasek(a)redhat.com, rsynek(a)redhat.com,
rwagner(a)redhat.com, sdaley(a)redhat.com,
sd-operator-metering(a)redhat.com, sochotni(a)redhat.com,
sponnaga(a)redhat.com, sthorger(a)redhat.com,
tcunning(a)redhat.com, tflannag(a)redhat.com,
tkirby(a)redhat.com, vbobade(a)redhat.com,
vkadlcik(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and
11.0.0 when Jetty handles a request containing multiple Accept headers with a
large number of “quality” (i.e. q) parameters, the server may enter a denial of
service (DoS) state due to high CPU usage processing those quality values,
resulting in minutes of CPU time exhausted processing those quality values.
References:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128
https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8r...
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 7 months
[Bug 1934401] New: beust-jcommander-1.81 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1934401
Bug ID: 1934401
Summary: beust-jcommander-1.81 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: beust-jcommander
Keywords: FutureFeature, Triaged
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com, jaromir.capik(a)email.cz,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jvanek(a)redhat.com, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.81
Current version/release in rawhide: 1.78-5.fc34
URL: https://github.com/cbeust/jcommander
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/179/
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 7 months
[Bug 1982336] New: CVE-2021-36373 ant: excessive memory allocation when reading a specially crafted TAR archive
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1982336
Bug ID: 1982336
Summary: CVE-2021-36373 ant: excessive memory allocation when
reading a specially crafted TAR archive
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: abenaiss(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, asoldano(a)redhat.com,
atangrin(a)redhat.com, bbaranow(a)redhat.com,
bibryam(a)redhat.com, bmaxwell(a)redhat.com,
bmontgom(a)redhat.com, brian.stansberry(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
darran.lofthouse(a)redhat.com, dkreling(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
eleandro(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, fjuma(a)redhat.com,
ggaughan(a)redhat.com, gmalinko(a)redhat.com,
gvarsami(a)redhat.com, hbraun(a)redhat.com,
ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com, jaromir.capik(a)email.cz,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jolee(a)redhat.com, jpallich(a)redhat.com,
jperkins(a)redhat.com, jrokos(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, ldimaggi(a)redhat.com,
lgao(a)redhat.com, loleary(a)redhat.com,
mizdebsk(a)redhat.com, mnovotny(a)redhat.com,
msochure(a)redhat.com, msrb(a)redhat.com,
msvehla(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, pantinor(a)redhat.com,
pbhattac(a)redhat.com, pjindal(a)redhat.com,
pmackay(a)redhat.com, rguimara(a)redhat.com,
rrajasek(a)redhat.com, rstancel(a)redhat.com,
rsvoboda(a)redhat.com, rwagner(a)redhat.com,
sd-operator-metering(a)redhat.com, smaestri(a)redhat.com,
spinder(a)redhat.com, sponnaga(a)redhat.com,
tcunning(a)redhat.com, tflannag(a)redhat.com,
theute(a)redhat.com, tkirby(a)redhat.com,
tom.jenkinson(a)redhat.com, tzimanyi(a)redhat.com,
vbobade(a)redhat.com, yborgess(a)redhat.com
Target Milestone: ---
Classification: Other
When reading a specially crafted TAR archive an Apache Ant build can be made to
allocate large amounts of memory that finally leads to an out of memory error,
even for small inputs. This can be used to disrupt builds using Apache Ant.
Apache Ant prior to 1.9.16 and 1.10.11 were affected.
Reference:
https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b...
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 8 months
[Bug 1981903] New: CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1981903
Bug ID: 1981903
Summary: CVE-2021-35517 apache-commons-compress: excessive
memory allocation when reading a specially crafted TAR
archive
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: dblechte(a)redhat.com, dfediuck(a)redhat.com,
eedri(a)redhat.com, hhorak(a)redhat.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jorton(a)redhat.com, mgoldboi(a)redhat.com,
michal.skrivanek(a)redhat.com, mizdebsk(a)redhat.com,
mkoncek(a)redhat.com, sbonazzo(a)redhat.com,
sherold(a)redhat.com, SpikeFedora(a)gmail.com,
yturgema(a)redhat.com
Target Milestone: ---
Classification: Other
When reading a specially crafted TAR archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' tar package.
References:
https://commons.apache.org/proper/commons-compress/security-reports.html
https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f66...
http://www.openwall.com/lists/oss-security/2021/07/13/3
--
You are receiving this mail because:
You are on the CC list for the bug.
1 year, 8 months