[Bug 1945715] New: CVE-2021-28165 jetty: Resource exhaustion when receiving an invalid large TLS frame [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1945715
Bug ID: 1945715
Summary: CVE-2021-28165 jetty: Resource exhaustion when
receiving an invalid large TLS frame [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: jetty
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)gmail.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com,
mat.booth(a)gmail.com, mizdebsk(a)redhat.com,
sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug 1945713] New: CVE-2021-28164 jetty: Ambiguous paths can access WEB-INF [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1945713
Bug ID: 1945713
Summary: CVE-2021-28164 jetty: Ambiguous paths can access
WEB-INF [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: jetty
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)gmail.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com,
mat.booth(a)gmail.com, mizdebsk(a)redhat.com,
sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[Bug 1945711] New: CVE-2021-28163 jetty: Symlink directory exposes webapp directory contents [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1945711
Bug ID: 1945711
Summary: CVE-2021-28163 jetty: Symlink directory exposes webapp
directory contents [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: jetty
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)gmail.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com,
mat.booth(a)gmail.com, mizdebsk(a)redhat.com,
sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[Bug 1941336] New: Unable to push to repository from eclipse
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1941336
Bug ID: 1941336
Summary: Unable to push to repository from eclipse
Product: Fedora
Version: 33
Hardware: x86_64
OS: Linux
Status: NEW
Component: eclipse-jgit
Severity: urgent
Assignee: mat.booth(a)redhat.com
Reporter: danielsun3164(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Unable to push to repository from eclipse
Version-Release number of selected component (if applicable):
$ rpm -q jgit eclipse-egit eclipse-jgit
jgit-5.11.0-1.fc33.noarch
eclipse-egit-5.11.0-1.fc33.noarch
eclipse-jgit-5.11.0-1.fc33.noarch
How reproducible:
Every time
Steps to Reproduce:
1. Push to github repository from eclipse
2.
3.
Actual results:
Eclipse shows an error about "remote hung up unexpectedly".
Expected results:
Eclipse should be able to push to github repository
Additional info:
The following log was in .metadata/.log
org.eclipse.jgit.errors.TransportException: git@github.com:username/project.git: remote hung up unexpectedly
at org.eclipse.jgit.transport.TransportGitSsh$SshPushConnection.<init>(TransportGitSsh.java:383)
at org.eclipse.jgit.transport.TransportGitSsh.openPush(TransportGitSsh.java:159)
at org.eclipse.jgit.transport.PushProcess.execute(PushProcess.java:127)
at org.eclipse.jgit.transport.Transport.push(Transport.java:1384)
at org.eclipse.egit.core.op.PushOperation.run(PushOperation.java:191)
at org.eclipse.egit.ui.internal.push.ConfirmationPage$2.run(ConfirmationPage.java:210)
at org.eclipse.jface.operation.ModalContext$ModalContextThread.run(ModalContext.java:122)
Caused by: java.lang.NoClassDefFoundError: Could not initialize class org.eclipse.jgit.internal.transport.sshd.CachingKeyPairProvider
at org.eclipse.jgit.transport.sshd.SshdSessionFactory.lambda$getDefaultKeys$5(SshdSessionFactory.java:489)
at java.base/java.util.concurrent.ConcurrentHashMap.computeIfAbsent(ConcurrentHashMap.java:1705)
at org.eclipse.jgit.transport.sshd.SshdSessionFactory.getDefaultKeys(SshdSessionFactory.java:487)
at org.eclipse.jgit.transport.sshd.SshdSessionFactory.lambda$getSession$1(SshdSessionFactory.java:202)
at org.eclipse.jgit.transport.sshd.SshdSession.<init>(SshdSession.java:91)
at org.eclipse.jgit.transport.sshd.SshdSessionFactory.getSession(SshdSessionFactory.java:186)
at org.eclipse.jgit.transport.sshd.SshdSessionFactory.getSession(SshdSessionFactory.java:73)
at org.eclipse.jgit.transport.SshTransport.getSession(SshTransport.java:107)
at org.eclipse.jgit.transport.TransportGitSsh$SshPushConnection.<init>(TransportGitSsh.java:358)
... 6 more
[Bug 1937445] New: CVE-2020-13959 velocity: XSS in the default error page for VelocityView
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1937445
Bug ID: 1937445
Summary: CVE-2020-13959 velocity: XSS in the default error page
for VelocityView
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
Target Milestone: ---
Classification: Other
The default error page for VelocityView in Apache Velocity Tools prior to 3.1
reflects back the vm file that was entered as part of the URL. An attacker can
set an XSS payload file as this vm file in the URL which results in this
payload being executed. XSS vulnerabilities allow attackers to execute
arbitrary JavaScript in the context of the attacked website and the attacked
user. This can be abused to steal session cookies, perform requests in the name
of the victim or for phishing attacks.
References:
https://lists.apache.org/thread.html/r6802a38c3041059e763a1aadd7b37fe95de...
http://www.openwall.com/lists/oss-security/2021/03/10/2
[Bug 1683547] New: lucene-7.7.1 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1683547
Bug ID: 1683547
Summary: lucene-7.7.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: lucene
Keywords: FutureFeature, Triaged
Assignee: akurtako(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, dbhole(a)redhat.com,
dingyichen(a)gmail.com,
eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com,
lef(a)fedoraproject.org, rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 7.7.1
Current version/release in rawhide: 7.7.0-1.fc30
URL: http://lucene.apache.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/7178/
[Bug 1937950] New: Eclipse Plugin Development Environment is not correct, org.eclipse.ui unresolved
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1937950
Bug ID: 1937950
Summary: Eclipse Plugin Development Environment is not correct,
org.eclipse.ui unresolved
Product: Fedora
Version: 34
Hardware: x86_64
OS: Linux
Status: NEW
Component: eclipse
Severity: high
Assignee: mat.booth(a)redhat.com
Reporter: p1mail2015(a)mail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
How reproducible:
Always.
Steps to Reproduce:
Install Fedora 34 beta
https://dl.fedoraproject.org/pub/alt/stage/34_Beta-1.1/Spins/x86_64/iso/F...
Or use Fedora 33.
1. Start Eclipse
2. Open a new empty Workspace.
3. Create a project: Plug-in Development/Plug-in Project, Next,
<Test_name>, Next, Next
4. Create a plug-in using a template: Hello, World Command, Finish.
5. Open Perspective.
Actual results:
In MANIFEST.MF/Dependencies 'org.eclipse.ui' unresolved (red x)
Errors (17 items)
Description | Resource | Path | Location | Type
AbstractHandler cannot be resolved to a type | SampleHandler.java | /Test/src/test/handlers | line 10 | Java Problem
Bundle 'org.eclipse.ui' cannot be resolved | MANIFEST.MF | /Test/META-INF | line 6 | Plug-in Problem
ExecutionEvent cannot be resolved to a type | SampleHandler.java | /Test/src/test/handlers | line 13 | Java Problem
ExecutionException cannot be resolved to a type | SampleHandler.java | /Test/src/test/handlers | line 13 | Java Problem
HandlerUtil cannot be resolved | SampleHandler.java | /Test/src/test/handlers | line 14 | Java Problem
IWorkbenchWindow cannot be resolved to a type | SampleHandler.java | /Test/src/test/handlers | line 14 | Java Problem
MessageDialog cannot be resolved | SampleHandler.java | /Test/src/test/handlers | line 15 | Java Problem
The import org.eclipse cannot be resolved | SampleHandler.java | /Test/src/test/handlers | line 3 | Java Problem
The import org.eclipse cannot be resolved | SampleHandler.java | /Test/src/test/handlers | line 4 | Java Problem
The import org.eclipse cannot be resolved | SampleHandler.java | /Test/src/test/handlers | line 5 | Java Problem
The import org.eclipse cannot be resolved | SampleHandler.java | /Test/src/test/handlers | line 6 | Java Problem
The import org.eclipse cannot be resolved | SampleHandler.java | /Test/src/test/handlers | line 7 | Java Problem
The import org.eclipse cannot be resolved | SampleHandler.java | /Test/src/test/handlers | line 8 | Java Problem
Unknown extension point: 'org.eclipse.ui.bindings' | plugin.xml | /Test | line 25 | Plug-in Problem
Unknown extension point: 'org.eclipse.ui.commands' | plugin.xml | /Test | line 6 | Plug-in Problem
Unknown extension point: 'org.eclipse.ui.handlers' | plugin.xml | /Test | line 18 | Plug-in Problem
Unknown extension point: 'org.eclipse.ui.menus' | plugin.xml | /Test | line 34 | Plug-in Problem
Expected results:
Additional info:
This works in my old F30 system.
What differs between Eclipse 2020-12 (4.18 w. openjdk 11.0.10, F33) and
Eclipse 2019-06 (4.12 w. openjdk 1.8.0, F30) is the number of plugins in the
Target platform.
Going into Windows/Preferences/Plug-in Development/Target Platform/Running
Platform/Edit:
I have 5501 plugins in my F30 system but only 574 in my new F33 system.
And in tab Content: Bundle 'org.eclipse.ui' is missing in F33!
This is working in the following release downloaded from 'eclipse.org'.
Version: 2020-12 (4.18.0) Build id: 20201210-1552.
Install: ./eclipse-inst select 'Eclipse IDE for Eclipse Committe'
(/usr/lib/jvm/jre-15-openjdk)
F34:
eclipse-platform-4.18-3.fc34.x86_64
eclipse-pde-4.18-3.fc34.x86_64
Noticeable here is that the version is more or less the same between F34
(4.18.3) and Eclipse (4.18.0) so I guess it must be a packaging issue...
[Bug 1925966] New: Eclipse IDE not working in Fedora 33 - fails with BundleException - could not resolve module org.eclipse.compare
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1925966
Bug ID: 1925966
Summary: Eclipse IDE not working in Fedora 33 - fails with
BundleException - could not resolve module
org.eclipse.compare
Product: Fedora
Version: 33
Hardware: x86_64
OS: Linux
Status: NEW
Component: eclipse
Severity: low
Assignee: mat.booth(a)redhat.com
Reporter: paul.brian.coleman(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Created attachment 1755529
--> https://bugzilla.redhat.com/attachment.cgi?id=1755529&action=edit
eclipse log file
Installation of Eclipse package from Fedora 33 repo finishes without error, but
Eclipse does not start when run.
Version-Release number of selected component (if applicable):
Fedora:33, 64bit
Java: OpenJDK 18.0.10+9, mixed mode sharing
Eclipse-platform 4.18 1.fc33
How reproducible:
Steps to Reproduce:
1. sudo dnf remove eclipse eclipse-equinox-osgi eclipse-emf-core eclipse-swt
eclipse-ecf-core
2. rpm -qa | grep eclipse # verified no eclipse packages present
3. sudo dnf install eclipse #installed eclipse-jdt, apiguardian,
eclipse-ecf-core, eclipse-emf-core, eclipse-equinox-osgi, eclipse-platform,
eclipse-swt
4. open terminal
5. enter "eclipse"
Actual results:
- get splash screen for fractional second and then a GTK dialog box to check
the log file for errors
- eclipse does not start
- disappointment
Expected results:
- eclipse to start
Additional info:
up-to-date Fedora 33 machine
Eclipse was installed previously (possibly under Fedora 32)
[Bug 1887176] New: Eclipse won't start after install.
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1887176
Bug ID: 1887176
Summary: Eclipse won't start after install.
Product: Fedora
Version: 32
Hardware: x86_64
OS: Linux
Status: NEW
Component: eclipse
Assignee: mat.booth(a)redhat.com
Reporter: pwrzonca(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Created attachment 1720675
--> https://bugzilla.redhat.com/attachment.cgi?id=1720675&action=edit
logfile
Description of problem:
Eclipse won't start after install.
Version-Release number of selected component (if applicable):
fedora 32, eclipse 2020-06
How reproducible:
Steps to Reproduce:
1. Install eclipse
2. Try to start it
3.
Actual results:
Error message that directs me to read the log, which doesn't say too much for me.
Expected results:
Additional info:
[Bug 1895529] New: Eclipse does not start
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1895529
Bug ID: 1895529
Summary: Eclipse does not start
Product: Fedora
Version: 33
Status: NEW
Component: eclipse
Assignee: mat.booth(a)redhat.com
Reporter: pwrzonca(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Created attachment 1727294
--> https://bugzilla.redhat.com/attachment.cgi?id=1727294&action=edit
Log file
Description of problem:
Fresh install of eclipse. It does not start and an error message pops up with
the location of the log file (enclosed).
Version-Release number of selected component (if applicable):
1:4.16-13
How reproducible:
Steps to Reproduce:
1. sudo dnf install eclipse
2. run eclipse
3.
Actual results:
Error message.
Expected results:
Working Eclipse.
Additional info: