March 2016 - java-sig-commits - Fedora Mailing-Lists

[Bug 1166658] New: xbean: Enable xbean-blueprint module

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1166658 Bug ID: 1166658 Summary: xbean: Enable xbean-blueprint module Product: Fedora Version: rawhide Component: xbean Keywords: FutureFeature Assignee: mizdebsk(a)redhat.com Reporter: mizdebsk(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Depends On: 1166655 Description of problem: xbean-blueprint is currently disabled due to dependency on newer version of aries-blueprint (>= 1.0.0). Version-Release number of selected component (if applicable): 4.1-1 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1166655 [Bug 1166655] aries-blueprint: Update to latest upstream version -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=ztgLsAFA0o&a=cc_unsubscribe

7 years, 9 months

1
6
0 / 0

[Bug 998251] New: activemq 5.8.0 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=998251 Bug ID: 998251 Summary: activemq 5.8.0 is available Product: Fedora Version: rawhide Component: activemq Assignee: mspaulding06(a)gmail.com Reporter: puntogil(a)libero.it QA Contact: extras-qa(a)fedoraproject.org CC: agrimm(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mspaulding06(a)gmail.com, tdawson(a)redhat.com Created attachment 787792 --> https://bugzilla.redhat.com/attachment.cgi?id=787792&action=edit update to 5.8.0 Upstream released activemq 5.8.0. Currently, we still have version 5.6.0 in Rawhide. Please consider updating, patch is attached. changes in spaec file - update to 5.8.0 - built with XMvn - adapt to current guideline - obsoletes activemq-core activemq-kahadb - built new modules: ° amq-store, broker, console, jdbc-store, ° log4j-appender, mqtt, openwire-generator, ° openwire-legacy, pool, ra, tooling (ra module is required by Apache OpenEJB/Tomee 4.5.1) - fix for CVE-2013-1879 (PATCH0) - fix for rhbz#991956 NOTE some features cannot be avalaible, cause: require com.thoughtworks.xstream:xstream:1.4.4 -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=AN1TJhSLSq&a=cc_unsubscribe

7 years, 9 months

1
42
0 / 0

[Bug 1146661] New: tika 1.6 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1146661 Bug ID: 1146661 Summary: tika 1.6 is available Product: Fedora Version: rawhide Component: tika Assignee: puntogil(a)libero.it Reporter: puntogil(a)libero.it QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it tika 1.6 is available consider upgrading -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=f0X60AI3xi&a=cc_unsubscribe

7 years, 9 months

1
32
0 / 0

[Bug 919544] New: maven-changes-plugin-2.9 is available

by Red Hat Bugzilla

Product: Fedora https://bugzilla.redhat.com/show_bug.cgi?id=919544 Bug ID: 919544 Summary: maven-changes-plugin-2.9 is available Product: Fedora Version: rawhide Component: maven-changes-plugin Keywords: FutureFeature, Triaged Severity: unspecified Priority: unspecified Reporter: upstream-release-monitoring(a)fedoraproject.org Latest upstream release: 2.9 Current version in Fedora Rawhide: 2.8 URL: http://repo2.maven.org/maven2/org/apache/maven/plugins/maven-changes-plugin/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=sDYMSa0kpl&a=cc_unsubscribe

7 years, 9 months

1
13
0 / 0

[Bug 1311950] New: CVE-2016-0792 jenkins: Remote code execution through remote API (SECURITY-247)

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1311950 Bug ID: 1311950 Summary: CVE-2016-0792 jenkins: Remote code execution through remote API (SECURITY-247) Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jialiu(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, jokerman(a)redhat.com, kseifried(a)redhat.com, lmeyer(a)redhat.com, mizdebsk(a)redhat.com, mmccomas(a)redhat.com, msrb(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20... -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 9 months

1
12
0 / 0

[Bug 1311949] New: CVE-2016-0791 jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245)

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1311949 Bug ID: 1311949 Summary: CVE-2016-0791 jenkins: Non-constant time comparison of CSRF crumbs (SECURITY-245) Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jialiu(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, jokerman(a)redhat.com, kseifried(a)redhat.com, lmeyer(a)redhat.com, mizdebsk(a)redhat.com, mmccomas(a)redhat.com, msrb(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: The verification of user-provided CSRF crumbs with the expected value did not use a constant-time comparison algorithm, potentially allowing attackers to use statistical methods to determine valid CSRF crumbs using brute-force methods. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20... -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 9 months

1
10
0 / 0

[Bug 1311948] New: CVE-2016-0790 jenkins: Non-constant time comparison of API token (SECURITY-241)

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1311948 Bug ID: 1311948 Summary: CVE-2016-0790 jenkins: Non-constant time comparison of API token (SECURITY-241) Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jialiu(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, jokerman(a)redhat.com, kseifried(a)redhat.com, lmeyer(a)redhat.com, mizdebsk(a)redhat.com, mmccomas(a)redhat.com, msrb(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: The verification of user-provided API tokens with the expected value did not use a constant-time comparison algorithm, potentially allowing attackers to use statistical methods to determine valid API tokens using brute-force methods. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20... -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 9 months

1
10
0 / 0

[Bug 1311947] New: CVE-2016-0789 jenkins: HTTP response splitting vulnerability (SECURITY-238)

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1311947 Bug ID: 1311947 Summary: CVE-2016-0789 jenkins: HTTP response splitting vulnerability (SECURITY-238) Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jialiu(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, jokerman(a)redhat.com, kseifried(a)redhat.com, lmeyer(a)redhat.com, mizdebsk(a)redhat.com, mmccomas(a)redhat.com, msrb(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: An HTTP response splitting vulnerability in the CLI command documentation allowed attackers to craft Jenkins URLs that serve malicious content. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20... -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 9 months

1
10
0 / 0

[Bug 1311946] New: CVE-2016-0788 jenkins: Remote code execution vulnerability in remoting module (SECURITY-232)

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1311946 Bug ID: 1311946 Summary: CVE-2016-0788 jenkins: Remote code execution vulnerability in remoting module (SECURITY-232) Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jialiu(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, jokerman(a)redhat.com, kseifried(a)redhat.com, lmeyer(a)redhat.com, mizdebsk(a)redhat.com, mmccomas(a)redhat.com, msrb(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: A vulnerability in the Jenkins remoting module allowed unauthenticated remote attackers to open a JRMP listener on the server hosting the Jenkins master process, which allowed arbitrary code execution. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20... -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 9 months

1
10
0 / 0

[Bug 1267936] New: tomcat-8.0.27 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1267936 Bug ID: 1267936 Summary: tomcat-8.0.27 is available Product: Fedora Version: rawhide Component: tomcat Keywords: FutureFeature, Triaged Assignee: ivan.afonichev(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, me(a)coolsvap.net Latest upstream release: 8.0.27 Current version/release in rawhide: 8.0.26-1.fc24 URL: http://tomcat.apache.org/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=2yFPFm39iH&a=cc_unsubscribe

7 years, 9 months

1
22
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits March 2016