[Bug 1508795] New: okio-1.13.0 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1508795
Bug ID: 1508795
Summary: okio-1.13.0 is available
Product: Fedora
Version: rawhide
Component: okio
Assignee: mizdebsk(a)redhat.com
Reporter: mgansser(a)online.de
QA Contact: extras-qa(a)fedoraproject.org
CC: gerard(a)ryan.lt,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com
I got it compiled with these two lines in the prep section:
# remove missing additional dependencies for the compiler plugin
%pom_xpath_remove 'pom:plugin[pom:artifactId="maven-compiler-plugin"]//pom:compilerId'
%pom_xpath_remove 'pom:plugin[pom:artifactId="maven-compiler-plugin"]//pom:dependencies'
--
You are receiving this mail because:
You are on the CC list for the bug.
6 years, 5 months
[Bug 1508110] CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1508110
Andrej Nemec <anemec(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC|abhgupta(a)redhat.com, |sisharma(a)redhat.com,
|kseifried(a)redhat.com, |smohan(a)redhat.com,
|tiwillia(a)redhat.com |ssaha(a)redhat.com,
| |vbellur(a)redhat.com
Whiteboard|impact=moderate,public=2016 |impact=moderate,public=2016
|0524,reported=20160524,sour |0524,reported=20160524,sour
|ce=cve,cvss3=6.4/CVSS:3.0/A |ce=cve,cvss3=6.4/CVSS:3.0/A
|V:N/AC:L/PR:L/UI:N/S:C/C:L/ |V:N/AC:L/PR:L/UI:N/S:C/C:L/
|I:L/A:N,cwe=CWE-352,fedora- |I:L/A:N,cwe=CWE-352,fedora-
|all/xmlrpc=affected,rhel-5/ |all/xmlrpc=affected,rhel-5/
|xmlrpc=new,rhel-6/xmlrpc3=n |xmlrpc=new,rhel-6/xmlrpc3=n
|ew,rhel-7/xmlrpc=new,rhev-m |ew,rhel-7/xmlrpc=new,rhev-m
|-4/xmlrpc=new,rhev-m-4/xmlr |-4/xmlrpc=new,rhev-m-4/xmlr
|pc-common=new,rhev-m-3/xmlr |pc-common=new,rhev-m-3/xmlr
|pc-common=new,rhscl-2/rh-ja |pc-common=new,rhscl-3/rh-ja
|va-common-xmlrpc=new,storag |va-common-xmlrpc=new,rhscon
|e-console-2/xmlrpc-common=n |-2/xmlrpc-common=new,rhes-3
|ew,storage-3/xmlrpc-common= |/xmlrpc-common=new,jbds-8/x
|new,jbds-8/xmlrpc=new,jbds- |mlrpc=new,jbds-10/xmlrpc=ne
|10/xmlrpc=new,fuse-6/camel- |w,fuse-6/camel-xmlrpc=new
|xmlrpc=new,openshift-enterp |
|rise-2/camel-xmlrpc=new,dts |
|-2/xmlrpc=new,dts-3/xmlrpc= |
|new |
6 years, 5 months
[Bug 1506612] CVE-2017-15095 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-7525)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1506612
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Group|security, qe_staff |
CC| |abhgupta(a)redhat.com,
| |aileenc(a)redhat.com,
| |alazarot(a)redhat.com,
| |anstephe(a)redhat.com,
| |bmcclain(a)redhat.com,
| |cbillett(a)redhat.com,
| |dblechte(a)redhat.com,
| |drusso(a)redhat.com,
| |eedri(a)redhat.com,
| |etirelli(a)redhat.com,
| |felias(a)redhat.com,
| |gklein(a)redhat.com,
| |hchiorea(a)redhat.com,
| |hghasemb(a)redhat.com,
| |ibek(a)redhat.com,
| |java-sig-commits(a)lists.fedo
| |raproject.org,
| |jcoleman(a)redhat.com,
| |jmadigan(a)redhat.com,
| |jolee(a)redhat.com,
| |kpiwko(a)redhat.com,
| |kseifried(a)redhat.com,
| |kverlaen(a)redhat.com,
| |lef(a)fedoraproject.org,
| |lgriffin(a)redhat.com,
| |loleary(a)redhat.com,
| |lpetrovi(a)redhat.com,
| |lsurette(a)redhat.com,
| |mgoldboi(a)redhat.com,
| |miburman(a)redhat.com,
| |michal.skrivanek(a)redhat.com
| |, ngough(a)redhat.com,
| |nwallace(a)redhat.com,
| |paradhya(a)redhat.com,
| |pavelp(a)redhat.com,
| |pbraun(a)redhat.com,
| |pszubiak(a)redhat.com,
| |puntogil(a)libero.it,
| |pwright(a)redhat.com,
| |rbalakri(a)redhat.com,
| |Rhev-m-bugs(a)redhat.com,
| |rrajasek(a)redhat.com,
| |rsynek(a)redhat.com,
| |rzhang(a)redhat.com,
| |sdaley(a)redhat.com,
| |sherold(a)redhat.com,
| |spinder(a)redhat.com,
| |srevivo(a)redhat.com,
| |theute(a)redhat.com,
| |tiwillia(a)redhat.com,
| |tomckay(a)redhat.com,
| |vhalbert(a)redhat.com,
| |ykaul(a)redhat.com,
| |ylavi(a)redhat.com
Summary|EMBARGOED CVE-2017-15095 |CVE-2017-15095
|jackson-databind: Unsafe |jackson-databind: Unsafe
|deserialization due to |deserialization due to
|incomplete black list |incomplete black list
|(incomplete fix for |(incomplete fix for
|CVE-2017-7525) |CVE-2017-7525)
Whiteboard|impact=important,reported=2 |impact=important,public=201
|0171010,source=researcher,c |71102,reported=20171010,sou
|vss3=8.1/CVSS:3.0/AV:N/AC:H |rce=researcher,cvss3=8.1/CV
|/PR:N/UI:N/S:U/C:H/I:H/A:H, |SS:3.0/AV:N/AC:H/PR:N/UI:N/
|cwe=CWE-184,fedora-all/jack |S:U/C:H/I:H/A:H,cwe=CWE-184
|son-databind=affected,amq-6 |,fedora-all/jackson-databin
|/jackson-databind=notaffect |d=affected,amq-6/jackson-da
|ed,jdg-7/jackson-databind=n |tabind=notaffected,jdg-7/ja
|otaffected,jdv-6/jackson-da |ckson-databind=notaffected,
|tabind=notaffected,eap-7/ja |jdv-6/jackson-databind=nota
|ckson-databind=affected,bpm |ffected,eap-7/jackson-datab
|s-6/jackson-databind=notaff |ind=affected,bpms-6/jackson
|ected,brms-6/jackson-databi |-databind=notaffected,brms-
|nd=notaffected,fuse-6/jacks |6/jackson-databind=notaffec
|on-databind=notaffected,ope |ted,fuse-6/jackson-databind
|nshift-enterprise-2/jackson |=notaffected,openshift-ente
|-databind=notaffected,rhn_s |rprise-2/jackson-databind=n
|atellite_6/jackson-databind |otaffected,rhn_satellite_6/
|=affected,rhmap-4/jackson-d |jackson-databind=affected,r
|atabind=notaffected,sam-1/j |hmap-4/jackson-databind=not
|ackson-databind=wontfix,rhe |affected,sam-1/jackson-data
|v-m-3/jasperreports-server- |bind=wontfix,rhev-m-3/jaspe
|pro=wontfix/impact=moderate |rreports-server-pro=wontfix
|,rhev-m-4/eap7-jackson-data |/impact=moderate,rhev-m-4/e
|bind=wontfix/impact=moderat |ap7-jackson-databind=wontfi
|e,rhscl-3/rh-eclipse46-jack |x/impact=moderate,rhscl-3/r
|son-databind=affected,jon-3 |h-eclipse46-jackson-databin
|/Core |d=affected,jon-3/Core
|Server=notaffected,eap-6/ja |Server=notaffected,eap-6/ja
|ckson-databind=affected,dts |ckson-databind=affected,dts
|-4/devtoolset-4-jackson-dat |-4/devtoolset-4-jackson-dat
|abind=affected,rhscl-3/rh-m |abind=affected,rhscl-3/rh-m
|aven35-jackson-databind=aff |aven35-jackson-databind=aff
|ected |ected
6 years, 5 months
[Bug 1404645] New: CVE-2016-681 activemq: Cross-site scripting in web based administration console
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1404645
Bug ID: 1404645
Summary: CVE-2016-681 activemq: Cross-site scripting in web
based administration console
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: amaris(a)redhat.com
CC: abhgupta(a)redhat.com, agrimm(a)gmail.com,
aileenc(a)redhat.com, ccoleman(a)redhat.com,
chazlett(a)redhat.com, dedgar(a)redhat.com,
dmcphers(a)redhat.com, gvarsami(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jcoleman(a)redhat.com, jgoulding(a)redhat.com,
jialiu(a)redhat.com, joelsmith(a)redhat.com,
jokerman(a)redhat.com, kconner(a)redhat.com,
kseifried(a)redhat.com, ldimaggi(a)redhat.com,
lmeyer(a)redhat.com, mmccomas(a)redhat.com,
nwallace(a)redhat.com, pavelp(a)redhat.com,
puntogil(a)libero.it, rwagner(a)redhat.com,
soa-p-jira(a)post-office.corp.redhat.com, s(a)shk.io,
tcunning(a)redhat.com, tdawson(a)redhat.com,
tiwillia(a)redhat.com, tkirby(a)redhat.com
An instance of a cross-site scripting vulnerability was identified to be
present in the web based administration console. The root cause of this issue
is improper user data output validation.
Affected versions: ActiveMQ 5.0.0 - 5.14.1
External Reference:
http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announc...
6 years, 5 months