https://bugzilla.redhat.com/show_bug.cgi?id=2211812
Bug ID: 2211812
Summary: resteasy-6.2.4.Final is available
Product: Fedora
Version: rawhide
Status: NEW
Component: resteasy
Keywords: FutureFeature, Triaged
Assignee: edewata(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com, alexander.m.scheel(a)gmail.com,
cfu(a)redhat.com, ckelley(a)redhat.com, dchen(a)redhat.com,
edewata(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jmagne(a)redhat.com, mfargett(a)redhat.com,
mharmsen(a)redhat.com, puntogil(a)libero.it
Target Milestone: ---
Classification: Fedora
Releases retrieved: 3.15.7.Final
Upstream release that is considered latest: 6.2.4.Final
Current version/release in rawhide: 3.0.26-25.fc39
URL: https://resteasy.dev/
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/11453/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/resteasy
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2211812
https://bugzilla.redhat.com/show_bug.cgi?id=2210322
Bug ID: 2210322
Summary: CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was
incomplete [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: tomcat
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: csutherl(a)redhat.com
Reporter: pdelbell(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com, csutherl(a)redhat.com,
gzaronikas(a)gmail.com, huwang(a)redhat.com,
ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2210321
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2210322
https://bugzilla.redhat.com/show_bug.cgi?id=2210214
Bug ID: 2210214
Summary: CVE-2023-31722 nasm: heap buffer overflow in
expand_mmacro() asm/preproc.c [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: nasm
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: dominik(a)greysector.net
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, pbonzini(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2210211
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2210214
https://bugzilla.redhat.com/show_bug.cgi?id=2209388
Bug ID: 2209388
Summary: CVE-2023-20883 log4j: spring-boot: Spring Boot Welcome
Page DoS Vulnerability [fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: log4j
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: paul.wouters(a)aiven.io
Reporter: pdelbell(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: devrim(a)gunduz.org, italo.garcia+fedora(a)aiven.io,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, paul.wouters(a)aiven.io,
rj.layco(a)gmail.com, rominf(a)aiven.io
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2209342
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2209388
https://bugzilla.redhat.com/show_bug.cgi?id=2196674
Bug ID: 2196674
Summary: CVE-2023-21971 mysql-connector-java: Connector/J
unspecified vulnerability (CPU April 2023)
[fedora-all]
Product: Fedora
Version: 38
Status: NEW
Component: mysql-connector-java
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: zmiklank(a)redhat.com
Reporter: mcascell(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: hhorak(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
ljavorsk(a)redhat.com, mkulik(a)redhat.com,
mschorm(a)redhat.com, puntogil(a)libero.it,
steve.traylen(a)cern.ch, zmiklank(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2196673
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2196674
https://bugzilla.redhat.com/show_bug.cgi?id=2064698
Bug ID: 2064698
Summary: CVE-2020-36518 jackson-databind: denial of service via
a large depth of nested objects
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mrehak(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
alazarot(a)redhat.com, anstephe(a)redhat.com,
asoldano(a)redhat.com, ataylor(a)redhat.com,
bbaranow(a)redhat.com, bibryam(a)redhat.com,
bmaxwell(a)redhat.com, bmontgom(a)redhat.com,
boliveir(a)redhat.com, brian.stansberry(a)redhat.com,
cdewolf(a)redhat.com, cdorney(a)redhat.com,
cfu(a)redhat.com, chazlett(a)redhat.com,
ckelley(a)redhat.com, darran.lofthouse(a)redhat.com,
dkreling(a)redhat.com, dosoudil(a)redhat.com,
drieden(a)redhat.com, edewata(a)redhat.com,
emingora(a)redhat.com, eparis(a)redhat.com,
eric.wittmann(a)redhat.com, etirelli(a)redhat.com,
fjuma(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, hbraun(a)redhat.com,
ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jmagne(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jrokos(a)redhat.com, jross(a)redhat.com,
jstastny(a)redhat.com, jwon(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
lgao(a)redhat.com, mharmsen(a)redhat.com,
mnovotny(a)redhat.com, mosmerov(a)redhat.com,
msochure(a)redhat.com, msvehla(a)redhat.com,
nstielau(a)redhat.com, nwallace(a)redhat.com,
pantinor(a)redhat.com, pdelbell(a)redhat.com,
pdrozd(a)redhat.com, pjindal(a)redhat.com,
pmackay(a)redhat.com, puntogil(a)libero.it,
rguimara(a)redhat.com, rhcs-maint(a)redhat.com,
rrajasek(a)redhat.com, rstancel(a)redhat.com,
rsvoboda(a)redhat.com, smaestri(a)redhat.com,
sponnaga(a)redhat.com, sthorger(a)redhat.com,
swoodman(a)redhat.com, tom.jenkinson(a)redhat.com,
tzimanyi(a)redhat.com
Target Milestone: ---
Classification: Other
A Java StackOverflow exception and denial of service via a large depth of
nested objects.
Reference:
https://github.com/FasterXML/jackson-databind/issues/2816
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2064698
https://bugzilla.redhat.com/show_bug.cgi?id=2193303
Bug ID: 2193303
Summary: CVE-2022-44368 nasm: null pointer dereference in
obj_directive in output/outobj.c [fedora-38]
Product: Fedora
Version: 38
Status: NEW
Component: nasm
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: dominik(a)greysector.net
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, pbonzini(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2193050
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2193303
https://bugzilla.redhat.com/show_bug.cgi?id=2193302
Bug ID: 2193302
Summary: CVE-2022-44369 nasm: null pointer dereference in
aout_add_gotoff_reloc() in output/outaout.c
[fedora-38]
Product: Fedora
Version: 38
Status: NEW
Component: nasm
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: dominik(a)greysector.net
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, pbonzini(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2193051
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2193302
https://bugzilla.redhat.com/show_bug.cgi?id=2160814
Bug ID: 2160814
Summary: CVE-2022-46456 nasm: buffer overflow in
dbgdbg_typevalue() in output/outdbg.c [fedora-all]
Product: Fedora
Version: 37
Status: NEW
Component: nasm
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: dominik(a)greysector.net
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, pbonzini(a)redhat.com
Target Milestone: ---
Classification: Fedora
More information about this security flaw is available in the following bug:
http://bugzilla.redhat.com/show_bug.cgi?id=2160807
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2160814
https://bugzilla.redhat.com/show_bug.cgi?id=2133075
Bug ID: 2133075
Summary: CVE-2022-41420 nasm: stack-based buffer overflow in
the ndisasm component
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: dominik(a)greysector.net,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, nickc(a)redhat.com,
pbonzini(a)redhat.com, sipoyare(a)redhat.com
Target Milestone: ---
Classification: Other
nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component.
Reference:
https://bugzilla.nasm.us/show_bug.cgi?id=3392810
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2133075