[Bug 922147] New: CVE-2013-0248 jakarta-commons-fileupload, apache-commons-fileupload: /tmp directory used by default for uploaded files (possibility to overwrite arbitrary files) [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=922147
Bug ID: 922147
Summary: CVE-2013-0248 jakarta-commons-fileupload,
apache-commons-fileupload: /tmp directory used by
default for uploaded files (possibility to overwrite
arbitrary files) [fedora-all]
Product: Fedora
Version: 18
Component: apache-commons-fileupload
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: mizdebsk(a)redhat.com
Reporter: jlieskov(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, mizdebsk(a)redhat.com,
msrb(a)redhat.com, sochotni(a)redhat.com,
SpikeFedora(a)gmail.com, tradej(a)redhat.com
Blocks: 922146 (CVE-2013-0248)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=i2Ts9FpsI9&a=cc_unsubscribe
9 years, 5 months
[Bug 1059236] New: icu4j: OSGi BSN conflict
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1059236
Bug ID: 1059236
Summary: icu4j: OSGi BSN conflict
Product: Fedora
Version: rawhide
Component: icu4j
Assignee: fnasser(a)redhat.com
Reporter: mizdebsk(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, dbhole(a)redhat.com,
fnasser(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com, nsantos(a)redhat.com
Description of problem:
Packages icu4j and icu4j-eclipse (which both are built from the same source
package icu4j) install two different JARs with the same OSGi
Bundle-SymbolicName. This causes two different RPMs to have the same osgi
provides, and because of that it's unspecified which package will be installed
to satisfy the dependency on osgi(com.ibm.icu).
Version-Release number of selected component (if applicable):
50.1.1-2
Additional info:
Bundle-SymbolicName: com.ibm.icu
The JARs are:
/usr/share/java/icu4j.jar
/usr/share/java/icu4j-eclipse/plugins/com.ibm.icu_50.1.1.v20130412.jar
9 years, 5 months
[Bug 1065259] New: [abrt] zookeeper: free_completions(): cli_mt killed by SIGSEGV
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1065259
Bug ID: 1065259
Summary: [abrt] zookeeper: free_completions(): cli_mt killed by
SIGSEGV
Product: Fedora
Version: 20
Component: zookeeper
Assignee: tstclair(a)redhat.com
Reporter: cnangel(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
jeff(a)ocjtech.us, skottler(a)redhat.com,
tstclair(a)redhat.com
Description of problem:
It crashed when I was using zookeeper.
> cli_mt 127.0.0.1:12181
> ls /
time = 0 msec
/: rc = 0
zookeeper
time = 0 msec
> quit
Quitting...
段错误(吐核)
Version-Release number of selected component:
zookeeper-3.4.5-12.fc20
Additional info:
reporter: libreport-2.1.12
.gdb_history:
backtrace_rating: 4
cmdline: cli_mt 127.0.0.1:12181
crash_function: free_completions
executable: /usr/bin/cli_mt
kernel: 3.12.10-300.fc20.x86_64
runlevel: N 5
type: CCpp
uid: 1000
Truncated backtrace:
Thread no. 1 (10 frames)
#0 free_completions at src/zookeeper.c:1153
#1 zookeeper_close at src/zookeeper.c:2490
#2 api_epilog at src/zookeeper.c:1779
#3 zookeeper_close at src/zookeeper.c:2496
#4 api_epilog at src/zookeeper.c:1779
#5 zookeeper_close at src/zookeeper.c:2496
#6 api_epilog at src/zookeeper.c:1779
#7 zookeeper_close at src/zookeeper.c:2496
#8 api_epilog at src/zookeeper.c:1779
#9 zookeeper_close at src/zookeeper.c:2496
9 years, 6 months
[Bug 1011115] New: [RFE] request for epel package
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1011115
Bug ID: 1011115
Summary: [RFE] request for epel package
Product: Fedora
Version: rawhide
Component: maven
Severity: low
Assignee: sochotni(a)redhat.com
Reporter: jcpunk(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com,
sochotni(a)redhat.com
Description of problem: Can Maven be packaged for EPEL6? It would be useful to
have easy access to this software.
Version-Release number of selected component (if applicable): 3.0.4
How reproducible: 100%
9 years, 6 months
[Bug 1026741] New: tomcat should create and own %{_localstatedir}/lib/tomcats
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1026741
Bug ID: 1026741
Summary: tomcat should create and own
%{_localstatedir}/lib/tomcats
Product: Fedora
Version: rawhide
Component: tomcat
Assignee: ivan.afonichev(a)gmail.com
Reporter: sgehwolf(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
kdaniel(a)redhat.com
Description of problem:
/usr/lib/systemd/system/tomcat@.service describes how to use tomcat with custom
CATALINA_BASE in /var/lib/tomcats/name. However, directory /var/lib/tomcats
does not exist.
Version-Release number of selected component (if applicable):
$ rpm -q tomcat
tomcat-7.0.47-1.fc21.noarch
How reproducible:
Always.
Steps to Reproduce:
1. yum install tomcat
2. ls /var/lib/tomcats
Actual results:
No such file or directory
Expected results:
Empty directory exists.
Additional info:
If custom tomcats start to own this directory, chaos will occur if more than one
of those is installed. Getting file conflicts. Such custom tomcats should only
own /var/lib/tomcats/<name> NOT /var/lib/tomcats itself.
9 years, 7 months
[Bug 1069925] New: CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544 [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1069925
Bug ID: 1069925
Summary: CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544
[fedora-all]
Product: Fedora
Version: 20
Component: tomcat
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: ivan.afonichev(a)gmail.com
Reporter: vdanen(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com
Blocks: 1069905 (CVE-2013-4322)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1069905
[Bug 1069905] CVE-2013-4322 tomcat: incomplete fix for CVE-2012-3544
9 years, 7 months
[Bug 1064673] New: CVE-2014-0050 tomcat: apache-commons-fileupload: denial of service due to too-small buffer size used by MultipartStream [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1064673
Bug ID: 1064673
Summary: CVE-2014-0050 tomcat: apache-commons-fileupload:
denial of service due to too-small buffer size used by
MultipartStream [fedora-all]
Product: Fedora
Version: 20
Component: tomcat
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: ivan.afonichev(a)gmail.com
Reporter: aneelica(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com
Blocks: 1062337 (CVE-2014-0050)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1062337
[Bug 1062337] CVE-2014-0050 apache-commons-fileupload: denial of service
due to too-small buffer size used by MultipartStream
9 years, 7 months