[Bug 1720601] New: javapackages-tools-5.3.1 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1720601
Bug ID: 1720601
Summary: javapackages-tools-5.3.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: javapackages-tools
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com,
msrb(a)redhat.com, sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 5.3.1
Current version/release in rawhide: 5.3.0-4.fc30
URL: https://github.com/fedora-java/javapackages
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/15556/
--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug 1688070] New: takari-incrementalbuild-0.20.9 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1688070
Bug ID: 1688070
Summary: takari-incrementalbuild-0.20.9 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: takari-incrementalbuild
Keywords: FutureFeature, Triaged
Assignee: extras-orphan(a)fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: dingyichen(a)gmail.com, extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 0.20.9
Current version/release in rawhide: 0.20.7-3.fc30
URL: http://takari.io
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/9579/
--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug 2049783] New: CVE-2021-43859 xstream: Injecting highly recursive collections or maps can cause a DoS
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2049783
Bug ID: 2049783
Summary: CVE-2021-43859 xstream: Injecting highly recursive
collections or maps can cause a DoS
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: abenaiss(a)redhat.com, aileenc(a)redhat.com,
alazarot(a)redhat.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, ataylor(a)redhat.com,
bibryam(a)redhat.com, bmontgom(a)redhat.com,
chazlett(a)redhat.com, didiksupriadi41(a)gmail.com,
drieden(a)redhat.com, emingora(a)redhat.com,
eparis(a)redhat.com, etirelli(a)redhat.com,
fedoraproject.org(a)bluhm-de.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, hbraun(a)redhat.com,
ibek(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jnethert(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jolee(a)redhat.com, jrokos(a)redhat.com, jross(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, krathod(a)redhat.com,
kverlaen(a)redhat.com, lkundrak(a)v3.sk,
mizdebsk(a)redhat.com, mnovotny(a)redhat.com,
nstielau(a)redhat.com, pantinor(a)redhat.com,
pbhattac(a)redhat.com, pdelbell(a)redhat.com,
pjindal(a)redhat.com, rguimara(a)redhat.com,
rrajasek(a)redhat.com, spandura(a)redhat.com,
sponnaga(a)redhat.com, tzimanyi(a)redhat.com
Target Milestone: ---
Classification: Other
XStream is an open source Java library to serialize objects to XML and back
again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100%
CPU time on the target system depending on CPU type or parallel execution of
such a payload resulting in a denial of service only by manipulating the
processed input stream. XStream 1.4.19 monitors and accumulates the time it
takes to add elements to collections and throws an exception if a set threshold
is exceeded. Users are advised to upgrade as soon as possible. Users unable to
upgrade may set the NO_REFERENCE mode to prevent recursion. See
GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not
possible.
References:
https://github.com/x-stream/xstream/security/advisories/GHSA-rmr5-cpv2-vgjf
https://x-stream.github.io/CVE-2021-43859.html
Upstream patch:
https://github.com/x-stream/xstream/commit/e8e88621ba1c85ac3b8620337dd672...
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2049783
[Bug 2063869] New: Please provide google-gson for EPEL-9
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2063869
Bug ID: 2063869
Summary: Please provide google-gson for EPEL-9
Product: Fedora EPEL
Version: epel9
Status: NEW
Component: google-gson
Assignee: mat.booth(a)gmail.com
Reporter: fedoraproject.org(a)bluhm-de.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dchen(a)redhat.com, jaromir.capik(a)email.cz,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com,
mat.booth(a)gmail.com, mizdebsk(a)redhat.com,
sergio(a)serjux.com
Target Milestone: ---
Classification: Fedora
Can you please provide google-gson for EPEL-9?
There is the missing dependency 'bnd-maven-plugin' provided by package
aqute-bnd which fails a scratch build.
Thank you very much!
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2063869