September 2021 - java-sig-commits - Fedora Mailing-Lists

[Bug 1918544] New: fop-2.6 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1918544 Bug ID: 1918544 Summary: fop-2.6 is available Product: Fedora Version: rawhide Status: NEW Component: fop Keywords: FutureFeature, Triaged Assignee: lemenkov(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, lemenkov(a)gmail.com, mizdebsk(a)redhat.com, rhbugs(a)n-dimensional.de, rlandman(a)redhat.com, tim(a)tim-landscheidt.de Target Milestone: --- Classification: Fedora Latest upstream release: 2.6 Current version/release in rawhide: 2.5-1.fc34 URL: https://xmlgraphics.apache.org/fop/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/829/ -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 7 months

1
9
0 / 0

[Bug 1987576] New: icu4j: FTBFS in Fedora rawhide/f35

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1987576 Bug ID: 1987576 Summary: icu4j: FTBFS in Fedora rawhide/f35 Product: Fedora Version: rawhide Status: NEW Component: icu4j Assignee: akurtako(a)redhat.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, dbhole(a)redhat.com, fnasser(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, lef(a)fedoraproject.org, mizdebsk(a)redhat.com, nsantos(a)redhat.com Blocks: 1927309 (F35FTBFS,RAWHIDEFTBFS) Target Milestone: --- Classification: Fedora icu4j failed to build from source in Fedora rawhide/f35 https://koji.fedoraproject.org/koji/taskinfo?taskID=72381453 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Please fix icu4j at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, icu4j will be orphaned. Before branching of Fedora 36, icu4j will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai... Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1927309 [Bug 1927309] Fedora 35 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 7 months

1
8
0 / 0

[Bug 1997532] New: plexus-cipher-1.8 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1997532 Bug ID: 1997532 Summary: plexus-cipher-1.8 is available Product: Fedora Version: rawhide Status: NEW Component: plexus-cipher Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: huwang(a)redhat.com, jaromir.capik(a)email.cz, java-maint-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 1.8 Current version/release in rawhide: 1.7-24.fc35 URL: https://github.com/sonatype/plexus-cipher Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/3657/ -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 7 months

1
3
0 / 0

[Bug 1785376] New: CVE-2017-18640 snakeyaml: the alias feature entity expansion during a load operation

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1785376 Bug ID: 1785376 Summary: CVE-2017-18640 snakeyaml: the alias feature entity expansion during a load operation Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: decathorpe(a)gmail.com, hhorak(a)redhat.com, jaromir.capik(a)email.cz, java-maint(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jorton(a)redhat.com, mizdebsk(a)redhat.com, mo(a)morsi.org, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Other The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. Reference: https://bitbucket.org/asomov/snakeyaml/issues/377/allow-configuration-for... -- You are receiving this mail because: You are on the CC list for the bug.

2 years, 7 months

1
33
0 / 0

[Bug 1578582] CVE-2018-1258 spring-security-core: Unauthorized Access with Spring Security Method Security

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1578582 Joshua Mulliken <jmullike(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aboyko(a)redhat.com, | |chazlett(a)redhat.com, | |drieden(a)redhat.com, | |krathod(a)redhat.com, | |pdrozd(a)redhat.com, | |pjindal(a)redhat.com, | |sthorger(a)redhat.com -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1578582

2 years, 7 months

1
0
0 / 0

[Bug 1464158] CVE-2017-9735 jetty: Timing channel attack in util/security/Password.java

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1464158 Joshua Mulliken <jmullike(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aboyko(a)redhat.com, | |chazlett(a)redhat.com, | |drieden(a)redhat.com, | |krathod(a)redhat.com, | |pdrozd(a)redhat.com, | |pjindal(a)redhat.com, | |sthorger(a)redhat.com -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1464158

2 years, 7 months

1
0
0 / 0

[Bug 1595621] CVE-2017-7658 jetty: Incorrect header handling

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1595621 Joshua Mulliken <jmullike(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aboyko(a)redhat.com, | |drieden(a)redhat.com, | |krathod(a)redhat.com, | |pdrozd(a)redhat.com, | |sthorger(a)redhat.com -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1595621

2 years, 7 months

1
0
0 / 0

[Bug 1595620] CVE-2017-7657 jetty: HTTP request smuggling

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1595620 Joshua Mulliken <jmullike(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jmullike(a)redhat.com -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1595620

2 years, 7 months

1
0
0 / 0

[Bug 1595620] CVE-2017-7657 jetty: HTTP request smuggling

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1595620 Joshua Mulliken <jmullike(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aboyko(a)redhat.com, | |drieden(a)redhat.com, | |krathod(a)redhat.com, | |pdrozd(a)redhat.com, | |pjindal(a)redhat.com, | |sthorger(a)redhat.com --- Comment #8 from Joshua Mulliken <jmullike(a)redhat.com> --- Adding RHSSO. A vulnerable version of jetty-server was detected in a newly generated BOM: { "publisher": "Mort Bay Consulting", "group": "org.eclipse.jetty", "name": "jetty-server", "version": "8.1.17.v20150415", "description": "The core jetty server artifact.", "scope": "required", "hashes": [ { "alg": "MD5", "content": "ea71b707de824a8a3cb9c19b5cfa5678" }, { "alg": "SHA-1", "content": "9e955fc5f9799aef0d1730430c1d7e285b422b11" }, { "alg": "SHA-256", "content": "61b833bf4fb0c4936d53c0073580a76092f7679b3623797b676fa5ca5dd51bb7" }, { "alg": "SHA-384", "content": "a3d76e03aedfd042f2b8d7c61c60fdc87d17ae3d9f7a08b4d6847e108153d2de45de5fbe66816222aa10170313c10ce8" }, { "alg": "SHA-512", "content": "ea653074310d405dc64871b96d04d6fb412b6d305aee2912ff9c4c52bdf98041951d5f10493e858464b6f4efc323d35da1920456098ddc9d00b36f1e9e99ca4f" }, { "alg": "SHA3-256", "content": "320fd51b0ce2f1410304d00c30cebedd744807c47896c92fb82099699e2eb631" }, { "alg": "SHA3-384", "content": "48ad92065fa19508fb88f46cd8983f1c4c5fb527e8c232ed3466c9d931430abbc2b6f1e81d8d0d4634bb2ff736adb547" }, { "alg": "SHA3-512", "content": "0e99dd32d1d5dec3fa4e40f12bb972846b87dece01ef863772b02638de88f7544d2459202ae970e216c3c0c995f6963cb5d526b866cba53203f8da55885f75ea" } ], "licenses": [ { "license": { "id": "Apache-2.0" } }, { "license": { "id": "EPL-1.0" } } ], "purl": "pkg:maven/org.eclipse.jetty/jetty-server@8.1.17.v20150415?type=jar", "externalReferences": [ { "type": "vcs", "url": "http://git.eclipse.org/c/jetty/org.eclipse.jetty.project.git/tree" }, { "type": "website", "url": "http://www.mortbay.com" }, { "type": "distribution", "url": "http://oss.sonatype.org/service/local/staging/deploy/maven2/" }, { "type": "issue-tracker", "url": "https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Jetty" }, { "type": "mailing-list", "url": "http://dev.eclipse.org/mhonarc/lists/jetty-dev/maillist.html" } ], "type": "library", "bom-ref": "pkg:maven/org.eclipse.jetty/jetty-server@8.1.17.v20150415?type=jar" } -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1595620

2 years, 7 months

1
0
0 / 0

[Bug 1595639] CVE-2017-7656 jetty: HTTP request smuggling using the range header

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1595639 Joshua Mulliken <jmullike(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |aboyko(a)redhat.com, | |drieden(a)redhat.com, | |krathod(a)redhat.com, | |pdrozd(a)redhat.com, | |pjindal(a)redhat.com, | |sthorger(a)redhat.com -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=1595639

2 years, 7 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits September 2021