[Bug 1013603] New: jspc: Maven metadata is installed incorrectly
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1013603
Bug ID: 1013603
Summary: jspc: Maven metadata is installed incorrectly
Product: Fedora
Version: rawhide
Component: jspc
Assignee: pmackinn(a)redhat.com
Reporter: mizdebsk(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
pmackinn(a)redhat.com
Description of problem:
jspc package installs the same Maven metadata in more than one package. This
results in incorrect package provides.
Version-Release number of selected component (if applicable):
2.0-0.7.alpha.3
Steps to Reproduce:
1. Look at package provides
Actual results:
mvn(org.codehaus.mojo.jspc:jspc):
  jspc:
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-compiler-tomcat6 (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-compilers (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-maven-plugin (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
mvn(org.codehaus.mojo.jspc:jspc-compiler-api):
  jspc:
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-compiler-tomcat6 (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-compilers (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-maven-plugin (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
mvn(org.codehaus.mojo.jspc:jspc-compiler-tomcat6):
  jspc:
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-compiler-tomcat6 (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-compilers (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-maven-plugin (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
mvn(org.codehaus.mojo.jspc:jspc-compilers):
  jspc:
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-compiler-tomcat6 (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-compilers (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-maven-plugin (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
mvn(org.codehaus.mojo.jspc:jspc-maven-plugin):
  jspc:
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-compiler-tomcat6 (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-compilers (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
  jspc-maven-plugin (jspc):
    package version: 2.0
    provided version: 2.0-alpha-3
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=Oals1syJlT&a=cc_unsubscribe
7 years, 8 months
[Bug 958727] New: plexus-utils: XMLWriterUtil should guard against problematic comments
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=958727
Bug ID: 958727
Summary: plexus-utils: XMLWriterUtil should guard against
problematic comments
Product: Fedora
Version: rawhide
Component: plexus-utils
Severity: unspecified
Priority: unspecified
Assignee: fnasser(a)redhat.com
Reporter: fweimer(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fnasser(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Blocks: 958220
Category: ---
org.codehaus.plexus.util.xml#writeComment(XMLWriter, String, int, int, int)
does not check if the comment includes a "-->" sequence. This means that text
contained in the command string could be interpreted as XML, possibly leading
to XML injection issues, depending on how this method is being called.
7 years, 10 months
[Bug 958221] New: plexus-utils: directory traversal in org.codehaus.plexus.util.Expand
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=958221
Bug ID: 958221
Summary: plexus-utils: directory traversal in
org.codehaus.plexus.util.Expand
Product: Fedora
Version: rawhide
Component: plexus-utils
Severity: unspecified
Priority: unspecified
Assignee: fnasser(a)redhat.com
Reporter: fweimer(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fnasser(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Blocks: 958220
Category: ---
org.codehaus.plexus.util.Expand does not guard against directory traversal, but
such protection is generally expected from unarchiving tools.
I think the class should just be deprecated and removed because there do not
appear to be any users left (not even a test case).
7 years, 10 months
[Bug 1193307] New: tomcat: do not provide javax.el:el-api
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1193307
Bug ID: 1193307
Summary: tomcat: do not provide javax.el:el-api
Product: Fedora
Version: 22
Component: tomcat
Assignee: ivan.afonichev(a)gmail.com
Reporter: msrb(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com
Description of problem:
tomcat currently provides, among others, mvn(javax.el:el-api). The problem is
that the glassfish-el-api provides it as well. This causes other packages to fail
to build, if both tomcat and glassfish-el-api happen to be in the buildroot. I
think that glassfish-el-api should be the one providing javax.el:el-api, as it
is a reference implementation of EL.
Java packaging guidelines should be updated as well.
Version-Release number of selected component (if applicable):
tomcat-8.0.18-1.fc23
7 years, 11 months
[Bug 1185148] New: CVE-2014-9634 Jenkins on Tomcat: failure to set secure flag on cookies
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1185148
Bug ID: 1185148
Summary: CVE-2014-9634 Jenkins on Tomcat: failure to set secure
flag on cookies
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: kseifried(a)redhat.com
CC: bleanhar(a)redhat.com, ccoleman(a)redhat.com,
dmcphers(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jdetiber(a)redhat.com, jialiu(a)redhat.com,
jkeck(a)redhat.com, joelsmith(a)redhat.com,
jokerman(a)redhat.com, kseifried(a)redhat.com,
lmeyer(a)redhat.com, mmccomas(a)redhat.com,
msrb(a)redhat.com
Yann Rouillard reports:
Jenkins on Tomcat fails to set the secure flag on cookies.
8 years, 1 month
[Bug 1185151] New: CVE-2014-9635 Jenkins on Tomcat: failure to set httponly flag on cookies
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1185151
Bug ID: 1185151
Summary: CVE-2014-9635 Jenkins on Tomcat: failure to set
httponly flag on cookies
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: kseifried(a)redhat.com
CC: bleanhar(a)redhat.com, ccoleman(a)redhat.com,
dmcphers(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jdetiber(a)redhat.com, jialiu(a)redhat.com,
jkeck(a)redhat.com, joelsmith(a)redhat.com,
jokerman(a)redhat.com, kseifried(a)redhat.com,
lmeyer(a)redhat.com, mmccomas(a)redhat.com,
msrb(a)redhat.com
Yann Rouillard reports:
Jenkins on Tomcat fails to set the httponly flag on cookies.
8 years, 1 month