[Bug 958727] New: plexus-utils: XMLWriterUtil should guard against problematic comments
by Red Hat Bugzilla
Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=958727
Bug ID: 958727
Summary: plexus-utils: XMLWriterUtil should guard against
problematic comments
Product: Fedora
Version: rawhide
Component: plexus-utils
Severity: unspecified
Priority: unspecified
Assignee: fnasser(a)redhat.com
Reporter: fweimer(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fnasser(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Blocks: 958220
Category: ---
org.codehaus.plexus.util.xml#writeComment(XMLWriter, String, int, int, int)
does not check if the comment includes a "-->" sequence. This means that text
contained in the command string could be interpreted as XML, possibly leading
to XML injection issues, depending on how this method is being called.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=N5myzkUcYQ&a=cc_unsubscribe
7 years, 11 months
[Bug 958221] New: plexus-utils: directory traversal in org.codehaus.plexus.util.Expand
by Red Hat Bugzilla
Product: Fedora
https://bugzilla.redhat.com/show_bug.cgi?id=958221
Bug ID: 958221
Summary: plexus-utils: directory traversal in
org.codehaus.plexus.util.Expand
Product: Fedora
Version: rawhide
Component: plexus-utils
Severity: unspecified
Priority: unspecified
Assignee: fnasser(a)redhat.com
Reporter: fweimer(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fnasser(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Blocks: 958220
Category: ---
org.codehaus.plexus.util.Expand does not guard against directory traversal, but
such protection is generally expected from unarchiving tools.
I think the class should just be deprecated and removed because there do not
appear to be any users left (not even a test case).
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=hp1lhU9LQd&a=cc_unsubscribe
7 years, 11 months
[Bug 1004916] New: Package doesn't provide a sysvinit script or systemd service unit
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1004916
Bug ID: 1004916
Summary: Package doesn't provide a sysvinit script or systemd
service unit
Product: Fedora
Version: 19
Component: activemq
Severity: high
Assignee: mspaulding06(a)gmail.com
Reporter: skottler(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: agrimm(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mspaulding06(a)gmail.com, tdawson(a)redhat.com
Description of problem:
activemq doesn't provide the necessary scripts/config files to start.
Version-Release number of selected component (if applicable):
0:5.6.0-5.fc19
How reproducible:
Always.
Steps to Reproduce:
1. yum install -y activemq activemq-core
2. try starting the service
3. note there is not a service unit
This seems like a fairly major thing to be missing in the packages. Is there
another package or metapackage that needs to be installed for it to work?
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=IC3tNZ0uDP&a=cc_unsubscribe
8 years, 2 months