March 2018 - java-sig-commits - Fedora Mailing-Lists

[Bug 1542763] New: ant-1.10.2 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1542763 Bug ID: 1542763 Summary: ant-1.10.2 is available Product: Fedora Version: rawhide Component: ant Keywords: FutureFeature, Triaged Assignee: msimacek(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, msrb(a)redhat.com Latest upstream release: 1.10.2 Current version/release in rawhide: 1.10.1-8.fc28 URL: http://ant.apache.org/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/50/ -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
4
0 / 0

[Bug 1549276] CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1549276 Doran Moppert <dmoppert(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1551887, 1551888, 1551886 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
0
0 / 0

[Bug 1549276] CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

by bugzilla＠redhat.com

6 years, 1 month

1
0
0 / 0

[Bug 1549276] CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1549276 --- Comment #4 from Doran Moppert <dmoppert(a)redhat.com> --- Mitigation: Advice on how to remain safe while using JAX-RS webservices on JBoss EAP 7.x is available here: https://access.redhat.com/solutions/3279231 https://github.com/FasterXML/jackson-docs/wiki/JacksonPolymorphicDeserial... -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
0
0 / 0

[Bug 1549276] CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

by bugzilla＠redhat.com

6 years, 1 month

1
0
0 / 0

[Bug 1549276] CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

by bugzilla＠redhat.com

6 years, 1 month

1
0
0 / 0

[Bug 1548909] slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1548909 Doran Moppert <dmoppert(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1551850, 1551851, 1551848, | |1551849 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
0
0 / 0

[Bug 1538332] CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist ( incomplete fix for CVE-2017-7525 and CVE-2017-17485)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1538332 Doran Moppert <dmoppert(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dmoppert(a)redhat.com Depends On| |1551370, 1551371, 1551372 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
0
0 / 0

[Bug 1548909] slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1548909 Doran Moppert <dmoppert(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1551844, 1551843, 1551846, | |1551845 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
0
0 / 0

[Bug 1548909] slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1548909 Doran Moppert <dmoppert(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1551840 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits March 2018