2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

December

java-sig-commits March 2018

java-sig-commits@lists.fedoraproject.org

1 participants
417 discussions

Start a nNew thread

[Bug 1548909] slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1548909 Doran Moppert <dmoppert(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=important,public=201 |impact=important,public=201 |80222,reported=20180226,sou |80222,reported=20180226,sou |rce=researcher,cvss3=8.1/CV |rce=researcher,cvss3=8.1/CV |SS:3.0/AV:N/AC:H/PR:N/UI:N/ |SS:3.0/AV:N/AC:H/PR:N/UI:N/ |S:U/C:H/I:H/A:H,cwe=CWE-502 |S:U/C:H/I:H/A:H,cwe=CWE-502 |,fedora-all/slf4j=affected, |,fedora-all/slf4j=affected, |fedora-all/slf4j-jboss-logm |fedora-all/slf4j-jboss-logm |anager=affected,openshift-1 |anager=affected,openshift-1 |/slf4j=affected,rhscl-3/rh- |/slf4j=affected,rhscl-3/rh- |java-common-slf4j=affected, |java-common-slf4j=affected, |sam-1/slf4j=wontfix,jws-3/s |sam-1/slf4j=wontfix,jws-3/s |lf4j=new,brms-5/slf4j=new,b |lf4j=new,brms-5/slf4j=new,b |rms-6/slf4j=new,amq-6/slf4j |rms-6/slf4j=new,amq-6/slf4j |=new,soap-5/slf4j=new,eap-5 |=new,soap-5/slf4j=new,eap-5 |/slf4j=new,eap-6/slf4j=affe |/slf4j=new,eap-6/slf4j=affe |cted,eap-7/slf4j=affected,j |cted,eap-7/slf4j=affected,j |bds-11/slf4j=new,jdg-6/slf4 |bds-11/slf4j=new,jdg-6/slf4 |j=new,jdg-7/slf4j=new,jdv-6 |j=new,jdg-7/slf4j=new,jdv-6 |/slf4j=new,fsw-6/slf4j=new, |/slf4j=new,fsw-6/slf4j=new, |fuse-6/slf4j=new,jon-3/slf4 |fuse-6/slf4j=new,jon-3/slf4 |j=new,jpp-6/slf4j=new,rhsso |j=new,jpp-6/slf4j=new,rhsso |-7/slf4j=new,rhn_satellite_ |-7/slf4j=new,rhn_satellite_ |6/spacewalk-slf4j=affected, |6/spacewalk-slf4j=affected, |rhn_satellite_6/slf4j=affec |rhn_satellite_6/slf4j=affec |ted,rhel-6/slf4j=affected,r |ted,rhel-6/slf4j=wontfix,rh |hel-7/slf4j=affected,rhel-8 |el-7/slf4j=affected,rhel-8/ |/slf4j=affected,rhev-m-4/jb |slf4j=affected,rhev-m-4/jbo |oss=affected,vertx-3/slf4j= |ss=affected,vertx-3/slf4j=n |new,openstack-8/slf4j-api=n |ew,openstack-8/slf4j-api=no |otaffected,openstack-9/slf4 |taffected,openstack-9/slf4j |j-api=notaffected,openstack |-api=notaffected,openstack- |-10/slf4j-api=notaffected,o |10/slf4j-api=notaffected,op |penstack-11/slf4j-api=notaf |enstack-11/slf4j-api=notaff |fected,openstack-12/slf4j-a |ected,openstack-12/slf4j-ap |pi=notaffected,openstack-13 |i=notaffected,openstack-13/ |/slf4j-api=notaffected,rhsc |slf4j-api=notaffected,rhscl |l-3/rh-maven35-slf4j=affect |-3/rh-maven35-slf4j=affecte |ed |d -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
0
0 / 0

[Bug 1537610] New: Please retire this package in rawhide

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1537610 Bug ID: 1537610 Summary: Please retire this package in rawhide Product: Fedora Version: rawhide Component: jackson-module-jaxb-annotations Assignee: puntogil(a)libero.it Reporter: mat.booth(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, lef(a)fedoraproject.org, puntogil(a)libero.it Jackson upstream merged this module into the jackson-modules-base repo Accordingly, in rawhide/F28+ the jackson-modules-base package was updated and it now provides a jackson-module-jaxb-annotations sub-package that obsoletes this standalone RPM. See this build of jackson-modules-base: https://koji.fedoraproject.org/koji/buildinfo?buildID=1020083 Please retire this package in Fedora 28 onwards. -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
3
0 / 0

[Bug 1538332] CVE-2018-5968 jackson-databind: unsafe deserialization due to incomplete blacklist ( incomplete fix for CVE-2017-7525 and CVE-2017-17485)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1538332 Doran Moppert <dmoppert(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018 |0118,reported=20180122,sour |0118,reported=20180122,sour |ce=cve,cvss3=8.1/CVSS:3.0/A |ce=cve,cvss3=8.1/CVSS:3.0/A |V:N/AC:H/PR:N/UI:N/S:U/C:H/ |V:N/AC:H/PR:N/UI:N/S:U/C:H/ |I:H/A:H,cwe=CWE-502,jdv-6/j |I:H/A:H,cwe=CWE-502,jdv-6/j |ackson-databind=new,jbds-10 |ackson-databind=new,jbds-10 |/jackson-databind=wontfix,a |/jackson-databind=wontfix,a |mq-6/jackson-databind=new,b |mq-6/jackson-databind=new,b |pms-6/jackson-databind=new, |pms-6/jackson-databind=new, |jdg-7/jackson-databind=new, |jdg-7/jackson-databind=new, |jbds-8/jackson-databind=won |jbds-8/jackson-databind=won |tfix,eap-7/jackson-databind |tfix,eap-7/jackson-databind |=affected/impact=moderate/c |=affected/impact=moderate/c |vss3=8.1/CVSS:3.0/AV:N/AC:H |vss3=8.1/CVSS:3.0/AV:N/AC:H |/PR:N/UI:N/S:U/C:H/I:H/A:H, |/PR:N/UI:N/S:U/C:H/I:H/A:H, |fuse-6/jackson-databind=new |fuse-6/jackson-databind=new |,rhsso-7/jackson-databind=n |,rhsso-7/jackson-databind=n |ew,sam-1/jackson-databind=w |ew,sam-1/jackson-databind=w |ontfix,rhscl-3/rh-eclipse46 |ontfix,rhscl-3/rh-eclipse46 |-jackson-databind=new,rhev- |-jackson-databind=affected, |m-4/jackson-databind=new,fe |rhev-m-4/jackson-databind=a |dora-all/jackson-databind=a |ffected,fedora-all/jackson- |ffected,openshift-1/jackson |databind=affected,openshift |-databind=new,rhscl-3/rh-ma |-1/jackson-databind=new,rhs |ven35-jackson-databind=new, |cl-3/rh-maven35-jackson-dat |rhn_satellite_6/jackson-dat |abind=affected,rhn_satellit |abind=wontfix,eap-6/jackson |e_6/jackson-databind=wontfi |-databind=affected/impact=m |x,eap-6/jackson-databind=af |oderate/cvss3=8.1/CVSS:3.0/ |fected/impact=moderate/cvss |AV:N/AC:H/PR:N/UI:N/S:U/C:H |3=8.1/CVSS:3.0/AV:N/AC:H/PR |/I:H/A:H |:N/UI:N/S:U/C:H/I:H/A:H -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
0
0 / 0

[Bug 1413466] CVE-2016-6814 Apache Groovy: Remote code execution via deserialization

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1413466 --- Comment #25 from Kurt Seifried <kseifried(a)redhat.com> --- Statement: This issue affects the versions of groovy as shipped with Red Hat Satellite 6.0 and 6.1. Red Hat Satellite 6.2 and later do not ship groovy, as such they are not affected by this vulnerability. -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
0
0 / 0

[Bug 1413466] CVE-2016-6814 Apache Groovy: Remote code execution via deserialization

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1413466 Kurt Seifried <kseifried(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=important,public=201 |impact=important,public=201 |70114,reported=20170112,sou |70114,reported=20170112,sou |rce=internet,cvss3=9.6/CVSS |rce=internet,cvss3=9.6/CVSS |:3.0/AV:N/AC:L/PR:N/UI:R/S: |:3.0/AV:N/AC:L/PR:N/UI:R/S: |C/C:H/I:H/A:H,cwe=CWE-502,a |C/C:H/I:H/A:H,cwe=CWE-502,a |mq-6/groovy=affected,jdv-6/ |mq-6/groovy=affected,jdv-6/ |groovy=affected/cvss3=8.3/C |groovy=affected/impact=mode |VSS:3.0/AV:N/AC:H/PR:N/UI:R |rate/cvss3=8.3/CVSS:3.0/AV: |/S:C/C:H/I:H/A:H/impact=mod |N/AC:H/PR:N/UI:R/S:C/C:H/I: |erate,eap-5/groovy=wontfix, |H/A:H,eap-5/groovy=wontfix, |brms-5/groovy=wontfix,soap- |brms-5/groovy=wontfix,soap- |5/groovy=wontfix,eds-5/groo |5/groovy=wontfix,eds-5/groo |vy=wontfix,fsw-6/camel=affe |vy=wontfix,fsw-6/camel=affe |cted,fuse-6/camel=affected, |cted,fuse-6/camel=affected, |jon-3/groovy=notaffected,ep |jon-3/groovy=notaffected,ep |p-5/groovy=new,openshift-en |p-5/groovy=new,openshift-en |terprise-2/jenkins=wontfix, |terprise-2/jenkins=wontfix, |rhev-m-3/jasperreports-serv |rhev-m-3/jasperreports-serv |er-pro=wontfix,rhel-7/groov |er-pro=wontfix,rhel-7/groov |y=affected,rhn_satellite_6/ |y=affected,rhn_satellite_6/ |groovy=notaffected,rhscl-2/ |groovy=notaffected,rhscl-2/ |rh-maven33-groovy=affected, |rh-maven33-groovy=affected, |fedora-all/groovy=affected, |fedora-all/groovy=affected, |fedora-all/groovy18=affecte |fedora-all/groovy18=affecte |d |d -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
0
0 / 0

[Bug 1548909] slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1548909 Doran Moppert <dmoppert(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=important,public=201 |impact=important,public=201 |80222,reported=20180226,sou |80222,reported=20180226,sou |rce=researcher,cvss3=8.1/CV |rce=researcher,cvss3=8.1/CV |SS:3.0/AV:N/AC:H/PR:N/UI:N/ |SS:3.0/AV:N/AC:H/PR:N/UI:N/ |S:U/C:H/I:H/A:H,cwe=CWE-502 |S:U/C:H/I:H/A:H,cwe=CWE-502 |,fedora-all/slf4j=affected, |,fedora-all/slf4j=affected, |fedora-all/slf4j-jboss-logm |fedora-all/slf4j-jboss-logm |anager=affected,openshift-1 |anager=affected,openshift-1 |/slf4j=affected,rhscl-3/rh- |/slf4j=affected,rhscl-3/rh- |java-common-slf4j=new,sam-1 |java-common-slf4j=affected, |/slf4j=wontfix,jws-3/slf4j= |sam-1/slf4j=wontfix,jws-3/s |new,brms-5/slf4j=new,brms-6 |lf4j=new,brms-5/slf4j=new,b |/slf4j=new,amq-6/slf4j=new, |rms-6/slf4j=new,amq-6/slf4j |soap-5/slf4j=new,eap-5/slf4 |=new,soap-5/slf4j=new,eap-5 |j=new,eap-6/slf4j=affected, |/slf4j=new,eap-6/slf4j=affe |eap-7/slf4j=affected,jbds-1 |cted,eap-7/slf4j=affected,j |1/slf4j=new,jdg-6/slf4j=new |bds-11/slf4j=new,jdg-6/slf4 |,jdg-7/slf4j=new,jdv-6/slf4 |j=new,jdg-7/slf4j=new,jdv-6 |j=new,fsw-6/slf4j=new,fuse- |/slf4j=new,fsw-6/slf4j=new, |6/slf4j=new,jon-3/slf4j=new |fuse-6/slf4j=new,jon-3/slf4 |,jpp-6/slf4j=new,rhsso-7/sl |j=new,jpp-6/slf4j=new,rhsso |f4j=new,rhn_satellite_6/spa |-7/slf4j=new,rhn_satellite_ |cewalk-slf4j=affected,rhn_s |6/spacewalk-slf4j=affected, |atellite_6/slf4j=affected,r |rhn_satellite_6/slf4j=affec |hel-6/slf4j=new,rhel-7/slf4 |ted,rhel-6/slf4j=affected,r |j=new,rhel-8/slf4j=new,rhev |hel-7/slf4j=affected,rhel-8 |-m-4/jboss=new,vertx-3/slf4 |/slf4j=affected,rhev-m-4/jb |j=new,openstack-8/slf4j-api |oss=affected,vertx-3/slf4j= |=notaffected,openstack-9/sl |new,openstack-8/slf4j-api=n |f4j-api=notaffected,opensta |otaffected,openstack-9/slf4 |ck-10/slf4j-api=notaffected |j-api=notaffected,openstack |,openstack-11/slf4j-api=not |-10/slf4j-api=notaffected,o |affected,openstack-12/slf4j |penstack-11/slf4j-api=notaf |-api=notaffected,openstack- |fected,openstack-12/slf4j-a |13/slf4j-api=notaffected |pi=notaffected,openstack-13 | |/slf4j-api=notaffected,rhsc | |l-3/rh-maven35-slf4j=affect | |ed -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
0
0 / 0

[Bug 1548909] slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1548909 Bharti Kundal <bkundal(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1550336, 1550337 -- You are receiving this mail because: You are on the CC list for the bug.

6 years, 1 month

1
0
0 / 0

← Newer
1
...
39
40
41
42
Older →

Jump to page: