June 2018 - java-sig-commits - Fedora Mailing-Lists

[Bug 1564408] CVE-2018-1272 spring-framework: Multipart content pollution

by bugzilla＠redhat.com

5 years, 11 months

1
0
0 / 0

[Bug 1550671] CVE-2018-1067 undertow: HTTP header injection using CRLF with UTF-8 Encoding ( incomplete fix of CVE-2016-4993)

by bugzilla＠redhat.com

5 years, 11 months

1
0
0 / 0

[Bug 1584337] jwebunit: FTBFS in Fedora rawhide (dependency not found)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1584337 Raphael Groner <projects.rg(a)smart.ms> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |RAWHIDE Last Closed| |2018-06-16 08:04:33 --- Comment #2 from Raphael Groner <projects.rg(a)smart.ms> --- fixed with commit 036224 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 11 months

1
0
0 / 0

[Bug 1584392] CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1584392 Bug 1584392 depends on bug 1587817, which changed state. Bug 1587817 Summary: CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-28] https://bugzilla.redhat.com/show_bug.cgi?id=1587817 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 11 months

1
0
0 / 0

[Bug 1587817] New: CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-28]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1587817 Bug ID: 1587817 Summary: CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-28] Product: Fedora Version: 28 Component: plexus-archiver Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: msimacek(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dbhole(a)redhat.com, jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-28. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 11 months

1
6
0 / 0

[Bug 1584392] CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1584392 Bug 1584392 depends on bug 1587818, which changed state. Bug 1587818 Summary: CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-27] https://bugzilla.redhat.com/show_bug.cgi?id=1587818 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 11 months

1
0
0 / 0

[Bug 1587818] New: CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-27]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1587818 Bug ID: 1587818 Summary: CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file [fedora-27] Product: Fedora Version: 27 Component: plexus-archiver Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: msimacek(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dbhole(a)redhat.com, jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msimacek(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-27. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 11 months

1
6
0 / 0

[Bug 1550671] CVE-2018-1067 undertow: HTTP header injection using CRLF with UTF-8 Encoding ( incomplete fix of CVE-2016-4993)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1550671 Doran Moppert <dmoppert(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1591095 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 11 months

1
0
0 / 0

[Bug 1550671] CVE-2018-1067 undertow: HTTP header injection using CRLF with UTF-8 Encoding ( incomplete fix of CVE-2016-4993)

by bugzilla＠redhat.com

5 years, 11 months

1
0
0 / 0

[Bug 1372124] CVE-2016-6347 RESTEasy: Use of the default exception handler in RESTEasy can lead to reflected XSS attack

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1372124 Kurt Seifried <kseifried(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1590941 --- Comment #10 from Kurt Seifried <kseifried(a)redhat.com> --- Created resteasy tracking bugs for this issue: Affects: fedora-all [bug 1590941] Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1590941 [Bug 1590941] CVE-2016-6347 RESTEasy: Use of the default exception handler in RESTEasy can lead to reflected XSS attack [fedora-all] -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 11 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits June 2018