June 2018 - java-sig-commits - Fedora Mailing-Lists

[Bug 1549276] CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1549276 errata-xmlrpc <errata-xmlrpc(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- External Bug ID| |Red Hat Product Errata | |RHSA-2018:1786 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 10 months

1
0
0 / 0

[Bug 1549276] CVE-2018-7489 jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1549276 --- Comment #22 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat Openshift Application Runtimes Via RHSA-2018:1786 https://access.redhat.com/errata/RHSA-2018:1786 -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 10 months

1
0
0 / 0

[Bug 1508111] New: CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1508111 Bug ID: 1508111 Summary: CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD [fedora-all] Product: Fedora Version: 26 Component: xmlrpc Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mizdebsk(a)redhat.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dbhole(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, puntogil(a)libero.it, sochotni(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 10 months

1
16
0 / 0

[Bug 1508124] New: CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag [ fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1508124 Bug ID: 1508124 Summary: CVE-2016-5003 xmlrpc: Deserialization of untrusted Java object through <ex:serializable> tag [fedora-all] Product: Fedora Version: 26 Component: xmlrpc Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mizdebsk(a)redhat.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dbhole(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, puntogil(a)libero.it, sochotni(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 10 months

1
17
0 / 0

[Bug 1508110] CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1508110 Bug 1508110 depends on bug 1508111, which changed state. Bug 1508111 Summary: CVE-2016-5002 xmlrpc: XML external entity vulnerability SSRF via a crafted DTD [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1508111 What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 10 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits June 2018