February 2017 - java-sig-commits - Fedora Mailing-Lists

[Bug 1340396] CVE-2016-2175 pdfbox: XML External Entity vulnerability

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1340396 --- Comment #8 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Via RHSA-2017:0249 https://rhn.redhat.com/errata/RHSA-2017-0249.html -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
0
0 / 0

[Bug 1418751] New: elasticsearch fails to start

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1418751 Bug ID: 1418751 Summary: elasticsearch fails to start Product: Fedora Version: 25 Component: elasticsearch Assignee: zbyszek(a)in.waw.pl Reporter: goneri(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: bobjensen(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, jvanek(a)redhat.com, pahan(a)hubbitus.info, zbyszek(a)in.waw.pl Description of problem: Exception in thread "main" java.lang.NoClassDefFoundError: com/fasterxml/jackson/databind/JsonMappingException at com.fasterxml.jackson.dataformat.yaml.YAMLFactory._createParser(YAMLFactory.java:426) at com.fasterxml.jackson.dataformat.yaml.YAMLFactory.createParser(YAMLFactory.java:327) at org.elasticsearch.common.xcontent.yaml.YamlXContent.createParser(YamlXContent.java:90) at org.elasticsearch.common.settings.loader.XContentSettingsLoader.load(XContentSettingsLoader.java:45) at org.elasticsearch.common.settings.loader.YamlSettingsLoader.load(YamlSettingsLoader.java:46) at org.elasticsearch.common.settings.ImmutableSettings$Builder.loadFromStream(ImmutableSettings.java:982) at org.elasticsearch.common.settings.ImmutableSettings$Builder.loadFromUrl(ImmutableSettings.java:969) at org.elasticsearch.node.internal.InternalSettingsPreparer.prepareSettings(InternalSettingsPreparer.java:95) at org.elasticsearch.bootstrap.Bootstrap.initialSettings(Bootstrap.java:144) at org.elasticsearch.bootstrap.Bootstrap.main(Bootstrap.java:215) at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:32) Caused by: java.lang.ClassNotFoundException: com.fasterxml.jackson.databind.JsonMappingException at java.net.URLClassLoader.findClass(URLClassLoader.java:381) at java.lang.ClassLoader.loadClass(ClassLoader.java:424) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:331) at java.lang.ClassLoader.loadClass(ClassLoader.java:357) ... 11 more Version-Release number of selected component (if applicable): elasticsearch-1.7.1-3.fc24.noarch How reproducible: Install and Start elasticsearch manually or as a service. -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
1
0 / 0

[Bug 1418696] CVE-2017-2598 jenkins: Use of AES ECB block cipher mode without IV for encrypting secrets ( SECURITY-304)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1418696 --- Comment #1 from Andrej Nemec <anemec(a)redhat.com> --- Created jenkins tracking bugs for this issue: Affects: fedora-all [bug 1418736] -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
0
0 / 0

[Bug 1418696] CVE-2017-2598 jenkins: Use of AES ECB block cipher mode without IV for encrypting secrets ( SECURITY-304)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1418696 Andrej Nemec <anemec(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1418735 Depends On| |1418736 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1418736 [Bug 1418736] CVE-2017-2598 CVE-2017-2599 CVE-2017-2600 CVE-2017-2601 CVE-2017-2602 CVE-2017-2604 CVE-2017-2605 CVE-2017-2606 CVE-2017-2607 CVE-2017-2608 CVE-2017-2609 CVE-2017-2610 CVE-2017-2611 CVE-2017-2612 CVE-2017-2613 jenkins: various flaws [fedora-all] -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
0
0 / 0

[Bug 1418713] New: CVE-2017-2603 jenkins: User data leak in disconnected agents' config.xml API (SECURITY-362)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1418713 Bug ID: 1418713 Summary: CVE-2017-2603 jenkins: User data leak in disconnected agents' config.xml API (SECURITY-362) Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: abhgupta(a)redhat.com, bleanhar(a)redhat.com, ccoleman(a)redhat.com, dedgar(a)redhat.com, dmcphers(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jgoulding(a)redhat.com, jkeck(a)redhat.com, joelsmith(a)redhat.com, kseifried(a)redhat.com, mizdebsk(a)redhat.com, msrb(a)redhat.com, tdawson(a)redhat.com, tiwillia(a)redhat.com The following flaw was found in Jenkins: Agents that were disconnected by users contained the disconnecting user's User object in serialized form in the config.xml remote API output. This could leak sensitive data such as API tokens. External References: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20... Upstream patch: https://github.com/jenkinsci/jenkins/commit/3cd946cbef82c6da5ccccf3890d0a... -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
1
0 / 0

[Bug 1418696] CVE-2017-2598 jenkins: Use of AES ECB block cipher mode without IV for encrypting secrets ( SECURITY-304)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1418696 Andrej Nemec <anemec(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Fixed In Version| |jenkins 2.44, jenkins | |2.32.2 -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

1
0
0 / 0

[Bug 1417199] New: xmlrpc_client.pc is missing Requires: xmlrpc xmlrpc_util

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1417199 Bug ID: 1417199 Summary: xmlrpc_client.pc is missing Requires: xmlrpc xmlrpc_util Product: Fedora Version: rawhide Component: xmlrpc-c Severity: high Assignee: mizdebsk(a)redhat.com Reporter: dkupka(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Created attachment 1245156 --> https://bugzilla.redhat.com/attachment.cgi?id=1245156&action=edit patch fixing the issue Description of problem: When building binary that depends on xmlrpc_client library pkg-config --libs returns only "-lxmlrpc_client" but then the linking phase fails because xmlrpc_client depends on xmlrpc and xmlrpc_util. I believe that this is the result of changing libxmlrpc_client.so from GNU ld script to symlink. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: Try to build application that is linking xmlrpc_client. Actual results: Linking fails because of missing libratries. Expected results: Linking succeeds. Additional info: I'm attaching a patch that fixes it for me. -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

2
3
0 / 0

[Bug 1299437] New: xmlrpc-c-1.39.07 is available

by Red Hat Bugzilla

https://bugzilla.redhat.com/show_bug.cgi?id=1299437 Bug ID: 1299437 Summary: xmlrpc-c-1.39.07 is available Product: Fedora Version: rawhide Component: xmlrpc-c Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Latest upstream release: 1.39.07 Current version/release in rawhide: 1.32.5-1908.svn2451.fc23 URL: http://xmlrpc-c.sourceforge.net/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. -- You are receiving this mail because: You are on the CC list for the bug.

7 years, 2 months

2
7
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits February 2017