[Bug 1524946] New: jenkins-script-security-plugin: jenkins-plugin-script-security: Arbitrary file read vulnerability in Script Security Plugin (SECURITY-663 ) [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1524946
Bug ID: 1524946
Summary: jenkins-script-security-plugin:
jenkins-plugin-script-security: Arbitrary file read
vulnerability in Script Security Plugin (SECURITY-663)
[fedora-all]
Product: Fedora
Version: 27
Component: jenkins-script-security-plugin
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: msrb(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 4 months
[Bug 1540032] New: CVE-2017-8030 springframework-security: spring-framework: Improper URL path validation allows for bypassing of security checks on static resources [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1540032
Bug ID: 1540032
Summary: CVE-2017-8030 springframework-security:
spring-framework: Improper URL path validation allows
for bypassing of security checks on static resources
[fedora-all]
Product: Fedora
Version: 27
Component: springframework-security
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: puntogil(a)libero.it
Reporter: sfowler(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 4 months
[Bug 1477541] New: CVE-2017-9801 apache-commons-email: SMTP header injection vulnerabilty [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1477541
Bug ID: 1477541
Summary: CVE-2017-9801 apache-commons-email: SMTP header
injection vulnerabilty [fedora-all]
Product: Fedora
Version: 26
Component: apache-commons-email
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: SpikeFedora(a)gmail.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
SpikeFedora(a)gmail.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 4 months
[Bug 1471279] New: CVE-2016-6348 RESTEasy: Use of JacksonJsonpInterceptor in RESTEasy can lead to Cross Site Script Inclusion attack [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1471279
Bug ID: 1471279
Summary: CVE-2016-6348 RESTEasy: Use of JacksonJsonpInterceptor
in RESTEasy can lead to Cross Site Script Inclusion
attack [fedora-all]
Product: Fedora
Version: 26
Component: resteasy
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: alee(a)redhat.com
Reporter: kseifried(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mgoldman(a)redhat.com, puntogil(a)libero.it,
weli(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 4 months
[Bug 1471277] New: CVE-2016-6347 RESTEasy: Use of the default exception handler in RESTEasy can lead to reflected XSS attack [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1471277
Bug ID: 1471277
Summary: CVE-2016-6347 RESTEasy: Use of the default exception
handler in RESTEasy can lead to reflected XSS attack
[fedora-all]
Product: Fedora
Version: 26
Component: resteasy
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: alee(a)redhat.com
Reporter: kseifried(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mgoldman(a)redhat.com, puntogil(a)libero.it,
weli(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 4 months
[Bug 1451406] New: CVE-2017-5654 CVE-2017-5655 ambari: Multiple security vulnerabilities fixed in ambari 2.5.1 [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1451406
Bug ID: 1451406
Summary: CVE-2017-5654 CVE-2017-5655 ambari: Multiple security
vulnerabilities fixed in ambari 2.5.1 [fedora-all]
Product: Fedora
Version: 25
Component: ambari
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: pmackinn(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
me(a)coolsvap.net, moceap(a)hotmail.com,
pmackinn(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 4 months
[Bug 1480769] New: CVE-2016-6345 RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data confidentiality [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1480769
Bug ID: 1480769
Summary: CVE-2016-6345 RESTEasy: Insufficient use of random
values in RESTEasy async jobs could lead to loss of
data confidentiality [fedora-all]
Product: Fedora
Version: 26
Component: resteasy
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: alee(a)redhat.com
Reporter: kseifried(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mgoldman(a)redhat.com, puntogil(a)libero.it,
weli(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 4 months
[Bug 1457104] New: CVE-2016-3083 hive: Common name attribute of the certificate is not verified [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1457104
Bug ID: 1457104
Summary: CVE-2016-3083 hive: Common name attribute of the
certificate is not verified [fedora-all]
Product: Fedora
Version: 25
Component: hive
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: pmackinn(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
me(a)coolsvap.net, moceap(a)hotmail.com,
pmackinn(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 4 months
[Bug 1418736] New: CVE-2017-2598 CVE-2017-2599 CVE-2017-2600 CVE-2017-2601 CVE-2017-2602 CVE-2017-2604 CVE-2017-2605 CVE-2017-2606 CVE-2017-2607 CVE-2017-2608 CVE-2017-2609 CVE-2017-2610 CVE-2017-2611 CVE-2017-2612 CVE-2017-2613 jenkins : various flaws [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1418736
Bug ID: 1418736
Summary: CVE-2017-2598 CVE-2017-2599 CVE-2017-2600
CVE-2017-2601 CVE-2017-2602 CVE-2017-2604
CVE-2017-2605 CVE-2017-2606 CVE-2017-2607
CVE-2017-2608 CVE-2017-2609 CVE-2017-2610
CVE-2017-2611 CVE-2017-2612 CVE-2017-2613 jenkins:
various flaws [fedora-all]
Product: Fedora
Version: 25
Component: jenkins
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: msrb(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 4 months
[Bug 1372118] New: CVE-2016-6345 RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data confidentiality [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1372118
Bug ID: 1372118
Summary: CVE-2016-6345 RESTEasy: Insufficient use of random
values in RESTEasy async jobs could lead to loss of
data confidentiality [fedora-all]
Product: Fedora
Version: 24
Component: resteasy
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: alee(a)redhat.com
Reporter: jshepherd(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mgoldman(a)redhat.com, puntogil(a)libero.it,
weli(a)redhat.com
Blocks: 1372117 (CVE-2016-6345)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1372117
[Bug 1372117] CVE-2016-6345 RESTEasy: Insufficient use of random values in
RESTEasy async jobs could lead to loss of data confidentiality
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 4 months