December 2018 - java-sig-commits - Fedora Mailing-Lists

[Bug 1549276] CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1549276 Cedric Buissart <cbuissar(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(cbuissar(a)redhat.c | |om) | -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 5 months

1
0
0 / 0

[Bug 1632452] CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1632452 --- Comment #5 from Cedric Buissart <cbuissar(a)redhat.com> --- Statement: Subscription Asset Manager is now in a reduced support phase receiving only Critical impact security fixes. This issue has been rated as having a security impact Moderate, and is not currently planned to be addressed in future updates. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 5 months

1
0
0 / 0

[Bug 1632452] CVE-2018-3831 elasticsearch: Information exposure via _cluster/settings API

by bugzilla＠redhat.com

5 years, 5 months

1
0
0 / 0

[Bug 1651837] CVE-2018-17187 qpid-proton-java: Hostname verification mode not implemented in transport TLS wrapper

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1651837 --- Comment #2 from Doran Moppert <dmoppert(a)redhat.com> --- Statement: This flaw is present in qpid-proton-java packages in Red Hat Enterprise MRG Messaging, however the vulnerable TLS transport functionality is not used by any components of MRG Messaging so the vulnerability is not exposed. For MRG Messaging, this vulnerability has been given an impact rating of Low, and is not planned to be fixed at this time. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 5 months

1
0
0 / 0

[Bug 1651837] CVE-2018-17187 qpid-proton-java: Hostname verification mode not implemented in transport TLS wrapper

by bugzilla＠redhat.com

5 years, 5 months

1
0
0 / 0

[Bug 1448498] apache-sshd-2.0.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1448498 Randy Barlow <rbarlow(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA Last Closed| |2018-12-10 23:19:57 --- Comment #6 from Randy Barlow <rbarlow(a)redhat.com> --- An update associated with this bug has been pushed to stable. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 5 months

1
0
0 / 0

[Bug 1647059] jenkins-plugin-script-security: Sandbox Bypass in finalize methods

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1647059 Nicholas Luedtke <nsl(a)fireeye.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |nsl(a)fireeye.com --- Comment #7 from Nicholas Luedtke <nsl(a)fireeye.com> --- This got split into two CVE's CVE-2018-1000865 and CVE-2018-1000866. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 5 months

1
0
0 / 0

[Bug 1657836] New: gradle: FTBFS in Fedora rawhide

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1657836 Bug ID: 1657836 Summary: gradle: FTBFS in Fedora rawhide Product: Fedora Version: rawhide URL: http://apps.fedoraproject.org/koschei/package/gradle Status: NEW Component: gradle Assignee: mizdebsk(a)redhat.com Reporter: mizdebsk(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dan(a)danieljamesscott.org, java-sig-commits(a)lists.fedoraproject.org, lkundrak(a)v3.sk, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora Description of problem: Package gradle fails to build from source in Fedora rawhide. Version-Release number of selected component (if applicable): 4.4.1-1.fc30 Steps to Reproduce: koji build --scratch f30 gradle-4.4.1-1.fc30.src.rpm Additional info: This package is tracked by Koschei. See: http://apps.fedoraproject.org/koschei/package/gradle -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 5 months

1
0
0 / 0

[Bug 1656949] CVE-2018-1000864 jenkins: potential denial of service through cron expression form validation (SECURITY-1193) [fedora-all]

by bugzilla＠redhat.com

5 years, 5 months

1
0
0 / 0

[Bug 1656948] CVE-2018-1000864 jenkins: potential denial of service through cron expression form validation (SECURITY-1193)

by bugzilla＠redhat.com

5 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits December 2018