January 2018 - java-sig-commits - Fedora Mailing-Lists

[Bug 1532123] CVE-2017-17837 deltaspike: Apache DeltaSpike: XSS injection vulnerability in windowId handling [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1532123 Sam Fowler <sfowler(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1532122 (CVE-2017-17837) Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1532122 [Bug 1532122] CVE-2017-17837 Apache DeltaSpike: XSS injection vulnerability in windowId handling -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

[Bug 1532123] CVE-2017-17837 deltaspike: Apache DeltaSpike: XSS injection vulnerability in windowId handling [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1532123 --- Comment #1 from Sam Fowler <sfowler(a)redhat.com> --- Use the following template to for the 'fedpkg update' request to submit an update for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. ===== # bugfix, security, enhancement, newpackage (required) type=security # testing, stable request=testing # Bug numbers: 1234,9876 bugs=1532122,1532123 # Description of your update notes=Security fix for [PUT CVEs HERE] # Enable request automation based on the stable/unstable karma thresholds autokarma=True stable_karma=3 unstable_karma=-3 # Automatically close bugs when this marked as stable close_bugs=True # Suggest that users restart after update suggest_reboot=False ====== Additionally, you may opt to use the bodhi web interface to submit updates: https://bodhi.fedoraproject.org/updates/new -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-15095)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1528565 --- Comment #11 from Jason Shepherd <jshepherd(a)redhat.com> --- Acknowledgements: Name: 0c0c0f from 360观星实验室 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

[Bug 1529404] New: jna-4.5.1 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1529404 Bug ID: 1529404 Summary: jna-4.5.1 is available Product: Fedora Version: rawhide Component: jna Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: dbhole(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 4.5.1 Current version/release in rawhide: 4.5.0-1.fc28 URL: https://github.com/java-native-access/jna/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/1464/ -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
1
0 / 0

[Bug 1527488] New: maven-plugin-bundle-3.4.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1527488 Bug ID: 1527488 Summary: maven-plugin-bundle-3.4.0 is available Product: Fedora Version: rawhide Component: maven-plugin-bundle Keywords: FutureFeature, Triaged Assignee: msimacek(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 3.4.0 Current version/release in rawhide: 3.3.0-2.fc27 URL: http://repo2.maven.org/maven2/org/apache/felix/maven-bundle-plugin/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/1922/ -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
1
0 / 0

[Bug 1529820] New: xz-java-1.7 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1529820 Bug ID: 1529820 Summary: xz-java-1.7 is available Product: Fedora Version: rawhide Component: xz-java Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 1.7 Current version/release in rawhide: 1.6-5.fc28 URL: http://tukaani.org/xz/java.html Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/5278/ -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
3
0 / 0

[Bug 1516043] New: Fedora 27 upgrade fails 100%: xmvn-launcher and aether-ant-tasks dependency problems

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1516043 Bug ID: 1516043 Summary: Fedora 27 upgrade fails 100%: xmvn-launcher and aether-ant-tasks dependency problems Product: Fedora Version: 27 Component: xmvn Severity: high Assignee: mizdebsk(a)redhat.com Reporter: gasserles(a)gmail.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mat.booth(a)redhat.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Description of problem: Can't upgrade to Fedora 27: xmvn-launcher can't be found/installed. I'm trying to upgrade from a working Fedora 26 to Fedora 27 following instructions on this page: https://fedoraproject.org/wiki/DNF_system_upgrade Version-Release number of selected component (if applicable): xmvn-launcher-2.5.0-21.fc26.noarch (?) aether-ant-tasks-1:1.0.1-6.fc26.noarch (?) How reproducible: Use "sudo dnf system-upgrade download --refresh --releasever=27" - fails every time. see below. Steps to Reproduce: sudo dnf system-upgrade download --refresh --releasever=27 Actual results: [this-user: ~]$ sudo dnf upgrade --refresh (also tried "dnf --refresh upgrade" per below; same result) [sudo] password for this-user: Last metadata expiration check: 0:00:00 ago on Tue Nov 21 15:22:19 2017. Dependencies resolved. Nothing to do. Complete! [this-user: ~]$ sudo dnf system-upgrade download --refresh --releasever=27 Before you continue ensure that your system is fully upgraded by running "dnf --refresh upgrade". Do you want to continue [y/N]: y Last metadata expiration check: 0:00:00 ago on Tue Nov 21 15:22:59 2017. Error: Problem: package aether-ant-tasks-1:1.0.1-6.fc26.noarch requires xmvn-launcher, but none of the providers can be installed - xmvn-launcher-2.5.0-21.fc26.noarch does not belong to a distupgrade repository - problem with installed package aether-ant-tasks-1:1.0.1-6.fc26.noarch [this-user: ~]$ -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
9
0 / 0

[Bug 1492259] New: maven-surefire-2.20.1 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1492259 Bug ID: 1492259 Summary: maven-surefire-2.20.1 is available Product: Fedora Version: rawhide Component: maven-surefire Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com Latest upstream release: 2.20.1 Current version/release in rawhide: 2.20-1.fc28 URL: http://repo2.maven.org/maven2/org/apache/maven/surefire/surefire/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/1944/ -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
4
0 / 0

[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-15095)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1528565 --- Comment #10 from Jason Shepherd <jshepherd(a)redhat.com> --- Acknowledgements: Name: 0c0c0f@360应急响应与攻防对抗实验室 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

[Bug 1530804] New: CVE-2014-9515 dozer: Potential remote code execution ( RCE) via dozer's reflection-based type conversion

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1530804 Bug ID: 1530804 Summary: CVE-2014-9515 dozer: Potential remote code execution (RCE) via dozer's reflection-based type conversion Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: lpardo(a)redhat.com CC: java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it A flaw was found in dozer's reflection-based approach to type conversion which may allow an attacker to execute code remotely under special circumstances. [UPSTREAM BUG] https://github.com/DozerMapper/dozer/issues/217 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
3
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits January 2018