[Bug 1454809] New: CVE-2017-5637 zookeeper: Incorrect input validation with wchp/wchc four letter words [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1454809
Bug ID: 1454809
Summary: CVE-2017-5637 zookeeper: Incorrect input validation
with wchp/wchc four letter words [fedora-all]
Product: Fedora
Version: 25
Component: zookeeper
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: tstclair(a)heptio.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: ctubbsii(a)fedoraproject.org, ethan(a)ethantuttle.com,
java-sig-commits(a)lists.fedoraproject.org,
mluscon(a)gmail.com, s(a)shk.io, tstclair(a)heptio.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1434342] New: CVE-2017-2648 jenkins-ssh-slaves-plugin: Host keys were not verified [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1434342
Bug ID: 1434342
Summary: CVE-2017-2648 jenkins-ssh-slaves-plugin: Host keys
were not verified [fedora-all]
Product: Fedora
Version: 25
Component: jenkins-ssh-slaves-plugin
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: msrb(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1508131] New: CVE-2016-5004 xmlrpc: XSS in Content-Encoding HTTP header of xmlrpc [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1508131
Bug ID: 1508131
Summary: CVE-2016-5004 xmlrpc: XSS in Content-Encoding HTTP
header of xmlrpc [fedora-all]
Product: Fedora
Version: 26
Component: xmlrpc
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: mizdebsk(a)redhat.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dbhole(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com, mizdebsk(a)redhat.com,
msimacek(a)redhat.com, puntogil(a)libero.it,
sochotni(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1434343] New: CVE-2017-2651 jenkins-mailer-plugin: Emails were sent to addresses not associated with actual users of Jenkins by Mailer Plugin [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1434343
Bug ID: 1434343
Summary: CVE-2017-2651 jenkins-mailer-plugin: Emails were sent
to addresses not associated with actual users of
Jenkins by Mailer Plugin [fedora-all]
Product: Fedora
Version: 25
Component: jenkins-mailer-plugin
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: msrb(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1517477] New: Jenkins dependency is missing on Fedora 27
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1517477
Bug ID: 1517477
Summary: Jenkins dependency is missing on Fedora 27
Product: Fedora
Version: 27
Component: jenkins
Assignee: msrb(a)redhat.com
Reporter: psppsn96(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Created attachment 1359038
--> https://bugzilla.redhat.com/attachment.cgi?id=1359038&action=edit
jenkins.log
Description of problem:
Upon an upgrade from Fedora 25 to 27 (using dnf-plugin-system-upgrade), Jenkins
no longer returns anything on its web interface.
Version-Release number of selected component (if applicable):
jenkins-1.651.3-6.fc27.noarch
Additional info:
Lines of the log that grab my attention
INFO: NO JSP Support for , did not find org.apache.jasper.servlet.JspServlet
and
Caused by: java.lang.NoSuchMethodError: org.dom4j.io.HTMLWriter.setEnabled(Z)V
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1509193] New: CVE-2017-12625 hive: Information disclosure vulnerability for column masking [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1509193
Bug ID: 1509193
Summary: CVE-2017-12625 hive: Information disclosure
vulnerability for column masking [fedora-all]
Product: Fedora
Version: 26
Component: hive
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: pmackinn(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
me(a)coolsvap.net, moceap(a)hotmail.com,
pmackinn(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1493503] New: CVE-2017-8045 springframework-amqp: Message.toString() deserializes java without a whitelist [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1493503
Bug ID: 1493503
Summary: CVE-2017-8045 springframework-amqp: Message.toString()
deserializes java without a whitelist [fedora-all]
Product: Fedora
Version: 26
Component: springframework-amqp
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: puntogil(a)libero.it
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months
[Bug 1510970] New: CVE-2017-8028 spring-ldap: Authentication with userSearch and STARTTLS allows authentication with arbitrary password [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1510970
Bug ID: 1510970
Summary: CVE-2017-8028 spring-ldap: Authentication with
userSearch and STARTTLS allows authentication with
arbitrary password [fedora-all]
Product: Fedora
Version: 26
Component: spring-ldap
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: puntogil(a)libero.it
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 5 months