January 2018 - java-sig-commits - Fedora Mailing-Lists

[Bug 1501529] CVE-2017-12629 Solr: Code execution via entity expansion

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1501529 --- Comment #40 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Via RHSA-2018:0005 https://access.redhat.com/errata/RHSA-2018:0005 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

[Bug 1501529] CVE-2017-12629 Solr: Code execution via entity expansion

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1501529 --- Comment #39 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 7 Via RHSA-2018:0004 https://access.redhat.com/errata/RHSA-2018:0004 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

[Bug 1501529] CVE-2017-12629 Solr: Code execution via entity expansion

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1501529 --- Comment #38 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.0 for RHEL 6 Via RHSA-2018:0002 https://access.redhat.com/errata/RHSA-2018:0002 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

[Bug 1501529] CVE-2017-12629 Solr: Code execution via entity expansion

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1501529 --- Comment #37 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform Via RHSA-2018:0003 https://access.redhat.com/errata/RHSA-2018:0003 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-15095)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1528565 Doran Moppert <dmoppert(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1530471, 1530473, 1530474, | |1530472 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-15095)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1528565 Doran Moppert <dmoppert(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1530463, 1530464 --- Comment #7 from Doran Moppert <dmoppert(a)redhat.com> --- Created jackson-databind tracking bugs for this issue: Affects: fedora-all [bug 1530463] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1530463 [Bug 1530463] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095) [fedora-all] -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-15095)

by bugzilla＠redhat.com

6 years, 4 months

1
0
0 / 0

[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-15095)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1528565 --- Comment #6 from Jason Shepherd <jshepherd(a)redhat.com> --- Acknowledgements: Name: Changfeng Chi (0c0c0f@360应急响应与攻防对抗实验室) -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list ( incomplete fix for CVE-2017-15095)

by bugzilla＠redhat.com

6 years, 4 months

1
0
0 / 0

[Bug 1465573] CVE-2017-7536 hibernate-validator: Privilege escalation when running under the security manager

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1465573 --- Comment #25 from Salvatore Bonaccorso <carnil(a)debian.org> --- Hi Bharti! (In reply to Bharti Kundal from comment #24) > (In reply to Salvatore Bonaccorso from comment #21) > > Hi > > > > Would it be possible to indicate where the issue was fixed? In Debian we > > ship libhibernate-validator-java and we would like to clarify if/how we are > > affected by the issue. Is there any furher reference? > > > > Thank you already! > > > > Regards, > > Salvatore > > Hi Salvatore, > > The issue affected all the HV 5.x branches (so 5.2, 5.3, 5.4 are all > affected). 6 is not. > > It's fixed in the upstream 5.2 branch .The branch is here: > https://github.com/hibernate/hibernate-validator/tree/5.2 > > Does this help? Yes, thanks, that helps! Regards, Salvatore -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 4 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits January 2018