[Bug 1581542] New: CVE-2018-8012 zookeeper: No authentication or authorization is enforced when a server joins a quorum
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1581542
Bug ID: 1581542
Summary: CVE-2018-8012 zookeeper: No authentication or
authorization is enforced when a server joins a quorum
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: sfowler(a)redhat.com
CC: aileenc(a)redhat.com, alazarot(a)redhat.com,
anstephe(a)redhat.com, avibelli(a)redhat.com,
bgeorges(a)redhat.com, chazlett(a)redhat.com,
cmoulliard(a)redhat.com, ctubbsii(a)fedoraproject.org,
drieden(a)redhat.com, etirelli(a)redhat.com,
greg.hellings(a)gmail.com, gvarsami(a)redhat.com,
hghasemb(a)redhat.com, ibek(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jbalunas(a)redhat.com, jcoleman(a)redhat.com,
jolee(a)redhat.com, jpallich(a)redhat.com,
jschatte(a)redhat.com, jshepherd(a)redhat.com,
jstastny(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
ldimaggi(a)redhat.com, lpetrovi(a)redhat.com,
lthon(a)redhat.com, mluscon(a)gmail.com,
mszynkie(a)redhat.com, nwallace(a)redhat.com,
paradhya(a)redhat.com, pavelp(a)redhat.com,
pgallagh(a)redhat.com, pszubiak(a)redhat.com,
rhel8-maint(a)redhat.com, rrajasek(a)redhat.com,
rruss(a)redhat.com, rsynek(a)redhat.com,
rwagner(a)redhat.com, rzhang(a)redhat.com,
sdaley(a)redhat.com, s(a)shk.io, tcunning(a)redhat.com,
tkirby(a)redhat.com, trogers(a)redhat.com,
tstclair(a)heptio.com, vhalbert(a)redhat.com
Apache ZooKeeper before 3.4.10, and 3.5.0-alpha through 3.5.3-beta does not
enforce any authentication/authorization when a server attempts to join a
quorum in . As a result an arbitrary end point could join the cluster and begin
propagating counterfeit changes to the leader.
External References:
http://openwall.com/lists/oss-security/2018/05/21/6
https://cwiki.apache.org/confluence/display/ZOOKEEPER/Server-Server+mutua...
https://issues.apache.org/jira/browse/ZOOKEEPER-1045
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months
[Bug 1600426] New: Reconsider auto-requires: javapackages-tools
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1600426
Bug ID: 1600426
Summary: Reconsider auto-requires: javapackages-tools
Product: Fedora
Version: rawhide
Component: javapackages-tools
Assignee: mizdebsk(a)redhat.com
Reporter: sgehwolf(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: ctubbsii(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com,
msimacek(a)redhat.com, msrb(a)redhat.com,
sochotni(a)redhat.com
Description of problem:
In rawhide when I build a Java package I get a run-time requirement of
javapackakges-tools whether I want that or not. This wouldn't concern me as
much if javapackages-tools wouldn't drag in java-1.8.0-openjdk-headless. So for
a java package that runs fine with, say JDK 10, I'd get JDK 8 too, due to
javapackages-tools auto-requires.
Example from the byteman build:
-------------------------------
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/byteman/contrib/jboss-modules-system/byteman-jboss-modules-plugin.jar']
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/byteman/contrib/jboss-modules-system/byteman-jboss-modules-plugin.jar']
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/byteman/lib/byteman-install.jar']
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/byteman/lib/byteman-install.jar']
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/byteman/lib/byteman-sample.jar']
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/byteman/lib/byteman-sample.jar']
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/byteman/lib/byteman-submit.jar']
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/byteman/lib/byteman-submit.jar']
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/byteman/lib/byteman.jar']
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/byteman/lib/byteman.jar']
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-agent.jar']
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-agent.jar']
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-install.jar']
[INFO osgi.prov] osgi(org.jboss.byteman.agent.install) = 4.0.4
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-install.jar']
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-jboss-modules-plugin.jar']
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-jboss-modules-plugin.jar']
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-jigsaw.jar']
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-jigsaw.jar']
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-layer.jar']
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-layer.jar']
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-sample.jar']
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-sample.jar']
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-submit.jar']
[INFO osgi.prov] osgi(org.jboss.byteman.agent.submit) = 4.0.4
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman-submit.jar']
[INFO osgi.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman.jar']
[INFO osgi.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/java/byteman/byteman.jar']
[INFO maven.prov] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/maven-metadata/byteman.xml']
[INFO maven.prov] mvn(org.jboss.byteman:byteman-jigsaw:pom:) = 4.0.4,
mvn(org.jboss.byteman:byteman-submit:pom:) = 4.0.4,
mvn(org.jboss.byteman:byteman-jboss-modules-plugin) = 4.0.4,
mvn(org.jboss.byteman:byteman-submit) = 4.0.4, mvn(org.jboss.byteman:byteman) =
4.0.4, mvn(org.jboss.byteman:byteman-install:pom:) = 4.0.4,
mvn(org.jboss.byteman:byteman-jboss-modules:pom:) = 4.0.4,
mvn(org.jboss.byteman:tests:pom:) = 4.0.4, mvn(org.jboss.byteman:byteman:pom:)
= 4.0.4, mvn(org.jboss.byteman:byteman-jboss-modules-plugin:pom:) = 4.0.4,
mvn(org.jboss.byteman:byteman-jigsaw) = 4.0.4,
mvn(org.jboss.byteman:byteman-install) = 4.0.4,
mvn(org.jboss.byteman:byteman-layer:pom:) = 4.0.4,
mvn(org.jboss.byteman:byteman-sample) = 4.0.4,
mvn(org.jboss.byteman:byteman-sample:pom:) = 4.0.4,
mvn(org.jboss.byteman:byteman-root:pom:) = 4.0.4,
mvn(org.jboss.byteman:byteman-agent) = 4.0.4,
mvn(org.jboss.byteman:byteman-layer) = 4.0.4,
mvn(org.jboss.byteman:byteman-agent:pom:) = 4.0.4
[INFO maven.req] input:
['/builddir/build/BUILDROOT/byteman-4.0.4-1.module_1916+32d410e4.noarch/usr/share/maven-metadata/byteman.xml']
[INFO maven.req] javapackages-tools, mvn(org.ow2.asm:asm-commons),
mvn(org.ow2.asm:asm-tree), mvn(org.ow2.asm:asm-analysis), java-headless >=
1:1.9, mvn(org.ow2.asm:asm), mvn(java_cup:java_cup)
Provides: bundled(java_cup) = 1:0.11b-8 bundled(objectweb-asm) = 6.2 byteman =
4.0.4-1.module_1916+32d410e4 mvn(org.jboss.byteman:byteman) = 4.0.4
mvn(org.jboss.byteman:byteman-agent) = 4.0.4
mvn(org.jboss.byteman:byteman-agent:pom:) = 4.0.4
mvn(org.jboss.byteman:byteman-install) = 4.0.4
mvn(org.jboss.byteman:byteman-install:pom:) = 4.0.4
mvn(org.jboss.byteman:byteman-jboss-modules-plugin) = 4.0.4
mvn(org.jboss.byteman:byteman-jboss-modules-plugin:pom:) = 4.0.4
mvn(org.jboss.byteman:byteman-jboss-modules:pom:) = 4.0.4
mvn(org.jboss.byteman:byteman-jigsaw) = 4.0.4
mvn(org.jboss.byteman:byteman-jigsaw:pom:) = 4.0.4
mvn(org.jboss.byteman:byteman-layer) = 4.0.4
mvn(org.jboss.byteman:byteman-layer:pom:) = 4.0.4
mvn(org.jboss.byteman:byteman-root:pom:) = 4.0.4
mvn(org.jboss.byteman:byteman-sample) = 4.0.4
mvn(org.jboss.byteman:byteman-sample:pom:) = 4.0.4
mvn(org.jboss.byteman:byteman-submit) = 4.0.4
mvn(org.jboss.byteman:byteman-submit:pom:) = 4.0.4
mvn(org.jboss.byteman:byteman:pom:) = 4.0.4 mvn(org.jboss.byteman:tests:pom:) =
4.0.4 osgi(org.jboss.byteman.agent.install) = 4.0.4
osgi(org.jboss.byteman.agent.submit) = 4.0.4
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <=
4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires: /bin/bash /bin/sh javapackages-tools
-------------------------------
The byteman package doesn't have any explicit 'Requires: javapackages-tools' in
its spec[1].
What is the reason for auto-requires of javapackages-tools? If it's the
directory structure this should get switched to javapackages-filesystem instead
which won't have a dep on the JDK.
Please re-assign component as necessary.
[1] https://src.fedoraproject.org/rpms/byteman/blob/byteman/f/byteman.spec
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months
[Bug 1622774] New: CVE-2018-8006 activemq: Cross-site scripting (XSS) via QueueFilter parameter
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1622774
Bug ID: 1622774
Summary: CVE-2018-8006 activemq: Cross-site scripting (XSS) via
QueueFilter parameter
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: sfowler(a)redhat.com
CC: agrimm(a)gmail.com, aileenc(a)redhat.com,
alazarot(a)redhat.com, anstephe(a)redhat.com,
bkundal(a)redhat.com, bmaxwell(a)redhat.com,
bmcclain(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, csutherl(a)redhat.com,
darran.lofthouse(a)redhat.com, dblechte(a)redhat.com,
dfediuck(a)redhat.com, dimitris(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
eedri(a)redhat.com, etirelli(a)redhat.com,
gvarsami(a)redhat.com, hghasemb(a)redhat.com,
ibek(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jcoleman(a)redhat.com,
jshepherd(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
ldimaggi(a)redhat.com, lgao(a)redhat.com,
lpetrovi(a)redhat.com, mgoldboi(a)redhat.com,
michal.skrivanek(a)redhat.com, myarboro(a)redhat.com,
nwallace(a)redhat.com, paradhya(a)redhat.com,
pdrozd(a)redhat.com, pgier(a)redhat.com,
psakar(a)redhat.com, pslavice(a)redhat.com,
psotirop(a)redhat.com, pszubiak(a)redhat.com,
puntogil(a)libero.it, rnetuka(a)redhat.com,
rrajasek(a)redhat.com, rsvoboda(a)redhat.com,
rsynek(a)redhat.com, rwagner(a)redhat.com,
rzhang(a)redhat.com, sbonazzo(a)redhat.com,
sdaley(a)redhat.com, sherold(a)redhat.com, s(a)shk.io,
sthorger(a)redhat.com, tcunning(a)redhat.com,
tdawson(a)redhat.com, tkirby(a)redhat.com,
twalsh(a)redhat.com, vtunka(a)redhat.com, ylavi(a)redhat.com
Apache ActiveMQ before version 5.15.5 is vulnerable to cross-site scripting
(XSS) flaw via the QueueFilter parameter. An attacker could exploit this by
feeding a URL encoded script to the QueueFilter parameter in the URI.
External Reference:
https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL20...
Upstream Bug:
https://issues.apache.org/jira/browse/AMQ-6954
Upstream Patches:
https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=d25de5d
https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=d8c80a9
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months
[Bug 1607584] New: CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/ NIO2 connectors user sessions can get mixed up [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1607584
Bug ID: 1607584
Summary: CVE-2018-8037 tomcat: Due to a mishandling of close in
NIO/NIO2 connectors user sessions can get mixed up
[fedora-all]
Product: Fedora
Version: 28
Component: tomcat
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: ivan.afonichev(a)gmail.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com, coolsvap(a)gmail.com,
csutherl(a)redhat.com, ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months
[Bug 1607580] New: CVE-2018-8034 tomcat: host name verification missing in WebSocket client
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1607580
Bug ID: 1607580
Summary: CVE-2018-8034 tomcat: host name verification missing
in WebSocket client
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: abhgupta(a)redhat.com, aileenc(a)redhat.com,
alazarot(a)redhat.com, alee(a)redhat.com,
anstephe(a)redhat.com, apintea(a)redhat.com,
avibelli(a)redhat.com, bgeorges(a)redhat.com,
bkundal(a)redhat.com, bmaxwell(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
cmoulliard(a)redhat.com, coolsvap(a)gmail.com,
csutherl(a)redhat.com, darran.lofthouse(a)redhat.com,
dbaker(a)redhat.com, dimitris(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
etirelli(a)redhat.com, fgavrilo(a)redhat.com,
gvarsami(a)redhat.com, gzaronik(a)redhat.com,
hghasemb(a)redhat.com, hhorak(a)redhat.com,
ibek(a)redhat.com, ikanello(a)redhat.com,
ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jclere(a)redhat.com, jcoleman(a)redhat.com,
jdoyle(a)redhat.com, jokerman(a)redhat.com,
jolee(a)redhat.com, jondruse(a)redhat.com,
jorton(a)redhat.com, jpallich(a)redhat.com,
jschatte(a)redhat.com, jshepherd(a)redhat.com,
jstastny(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, krzysztof.daniel(a)gmail.com,
kverlaen(a)redhat.com, ldimaggi(a)redhat.com,
lgao(a)redhat.com, loleary(a)redhat.com,
lpetrovi(a)redhat.com, lthon(a)redhat.com,
mbabacek(a)redhat.com, mizdebsk(a)redhat.com,
mszynkie(a)redhat.com, myarboro(a)redhat.com,
nwallace(a)redhat.com, paradhya(a)redhat.com,
pgallagh(a)redhat.com, pgier(a)redhat.com,
pjurak(a)redhat.com, ppalaga(a)redhat.com,
psakar(a)redhat.com, pslavice(a)redhat.com,
pszubiak(a)redhat.com, rnetuka(a)redhat.com,
rrajasek(a)redhat.com, rruss(a)redhat.com,
rstancel(a)redhat.com, rsvoboda(a)redhat.com,
rsynek(a)redhat.com, rwagner(a)redhat.com,
rzhang(a)redhat.com, sdaley(a)redhat.com,
spinder(a)redhat.com, sstavrev(a)redhat.com,
sthangav(a)redhat.com, tcunning(a)redhat.com,
theute(a)redhat.com, tkirby(a)redhat.com,
trankin(a)redhat.com, trogers(a)redhat.com,
twalsh(a)redhat.com, vhalbert(a)redhat.com,
vtunka(a)redhat.com, weli(a)redhat.com
Flaw affecting tomcat . The host name verification when using TLS with the
WebSocket client was not enabled by default.
Upstream patch:
http://svn.apache.org/viewvc?view=revision&revision=1833757
References:
https://tomcat.apache.org/security-8.html
https://tomcat.apache.org/security-9.html
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months
[Bug 1607586] New: CVE-2018-8034 tomcat: host name verification missing in WebSocket client [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1607586
Bug ID: 1607586
Summary: CVE-2018-8034 tomcat: host name verification missing
in WebSocket client [fedora-all]
Product: Fedora
Version: 28
Component: tomcat
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: ivan.afonichev(a)gmail.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com, coolsvap(a)gmail.com,
csutherl(a)redhat.com, ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months
[Bug 1579612] New: CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1579612
Bug ID: 1579612
Summary: CVE-2018-8014 tomcat: Insecure defaults in CORS filter
enable 'supportsCredentials' for all origins
[fedora-all]
Product: Fedora
Version: 28
Component: tomcat
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: ivan.afonichev(a)gmail.com
Reporter: sfowler(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com, csutherl(a)redhat.com,
ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com, me(a)coolsvap.net
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 9 months