November 2017 - java-sig-commits - Fedora Mailing-Lists

[Bug 1510332] CVE-2017-14941 jasperreports: Cleartext storage of passwords

by bugzilla＠redhat.com

6 years, 6 months

1
0
0 / 0

[Bug 1465573] CVE-2017-7536 hibernate-validator: Privilege escalation when running under the security manager

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1465573 --- Comment #16 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: RHEV 4.X RHEV-H and Agents for RHEL-7 Via RHSA-2017:3141 https://access.redhat.com/errata/RHSA-2017:3141 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 6 months

1
0
0 / 0

[Bug 1462702] CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1462702 --- Comment #38 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: RHEV 4.X RHEV-H and Agents for RHEL-7 Via RHSA-2017:3141 https://access.redhat.com/errata/RHSA-2017:3141 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 6 months

1
0
0 / 0

[Bug 1506612] CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-7525)

by bugzilla＠redhat.com

6 years, 6 months

1
0
0 / 0

[Bug 1462702] CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1462702 --- Comment #37 from Raphael Sanchez Prudencio <rasanche(a)redhat.com> --- Why exactly this task has rhsa_sla flag if it's not Critical? -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 6 months

1
0
0 / 0

[Bug 1506612] CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-7525)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1506612 Tomas Hoger <thoger(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1510363 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1510363 [Bug 1510363] CVE-2017-15095 rh-eclipse47-jackson-databind: jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-7525) [devtools-2.1.z] -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 6 months

1
0
0 / 0

[Bug 1510332] CVE-2017-14941 jasperreports: Cleartext storage of passwords

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1510332 Andrej Nemec <anemec(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1510334 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 6 months

1
0
0 / 0

[Bug 1410481] CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1410481 Bharti Kundal <bkundal(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1510311 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 6 months

1
0
0 / 0

[Bug 1490329] New: Please update to junit 5

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1490329 Bug ID: 1490329 Summary: Please update to junit 5 Product: Fedora Version: rawhide Component: junit4 Assignee: extras-orphan(a)fedoraproject.org Reporter: akurtako(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dwalluck(a)redhat.com, extras-orphan(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org Please update to JUnit 5 or add it as new package. Eclipse upstream gained dependency on it and we will need it for future updates. -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 6 months

1
11
0 / 0

[Bug 1506612] CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-7525)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1506612 --- Comment #13 from Doran Moppert <dmoppert(a)redhat.com> --- Mitigation: Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw... -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits November 2017