August 2018 - java-sig-commits - Fedora Mailing-Lists

[Bug 1607585] New: CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/ NIO2 connectors user sessions can get mixed up [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1607585 Bug ID: 1607585 Summary: CVE-2018-8037 tomcat: Due to a mishandling of close in NIO/NIO2 connectors user sessions can get mixed up [epel-all] Product: Fedora EPEL Version: epel7 Component: tomcat Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: ivan.afonichev(a)gmail.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, coolsvap(a)gmail.com, csutherl(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 8 months

1
6
0 / 0

[Bug 1579613] New: CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1579613 Bug ID: 1579613 Summary: CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins [epel-all] Product: Fedora EPEL Version: epel7 Component: tomcat Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: ivan.afonichev(a)gmail.com Reporter: sfowler(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, csutherl(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, me(a)coolsvap.net This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 8 months

1
7
0 / 0

[Bug 1622775] New: CVE-2018-8006 activemq: Cross-site scripting (XSS) via QueueFilter parameter [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1622775 Bug ID: 1622775 Summary: CVE-2018-8006 activemq: Cross-site scripting (XSS) via QueueFilter parameter [fedora-all] Product: Fedora Version: 28 Component: activemq Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: puntogil(a)libero.it Reporter: sfowler(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: agrimm(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it, s(a)shk.io, tdawson(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 8 months

1
2
0 / 0

[Bug 1615673] New: wildfly-core: Cross-site scripting (XSS) in JBoss Management Console

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1615673 Bug ID: 1615673 Summary: wildfly-core: Cross-site scripting (XSS) in JBoss Management Console Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: sfowler(a)redhat.com CC: alazarot(a)redhat.com, anstephe(a)redhat.com, apintea(a)redhat.com, bkundal(a)redhat.com, bmaxwell(a)redhat.com, cdewolf(a)redhat.com, chazlett(a)redhat.com, csutherl(a)redhat.com, darran.lofthouse(a)redhat.com, dimitris(a)redhat.com, dosoudil(a)redhat.com, drieden(a)redhat.com, etirelli(a)redhat.com, fgavrilo(a)redhat.com, hghasemb(a)redhat.com, ibek(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jawilson(a)redhat.com, jolee(a)redhat.com, jondruse(a)redhat.com, jschatte(a)redhat.com, jshepherd(a)redhat.com, jstastny(a)redhat.com, krathod(a)redhat.com, kverlaen(a)redhat.com, lef(a)fedoraproject.org, lgao(a)redhat.com, loleary(a)redhat.com, lpetrovi(a)redhat.com, mgoldman(a)redhat.com, myarboro(a)redhat.com, paradhya(a)redhat.com, pdrozd(a)redhat.com, pgier(a)redhat.com, pjurak(a)redhat.com, ppalaga(a)redhat.com, psakar(a)redhat.com, pslavice(a)redhat.com, psotirop(a)redhat.com, pszubiak(a)redhat.com, puntogil(a)libero.it, rnetuka(a)redhat.com, rrajasek(a)redhat.com, rstancel(a)redhat.com, rsvoboda(a)redhat.com, rsynek(a)redhat.com, rzhang(a)redhat.com, sdaley(a)redhat.com, spinder(a)redhat.com, sstavrev(a)redhat.com, sthorger(a)redhat.com, theute(a)redhat.com, twalsh(a)redhat.com, vhalbert(a)redhat.com, vtunka(a)redhat.com Blocks: 1614541 A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console. Users with roles that can create objects in the application can exploit this to attack other privileged users. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 8 months

1
8
0 / 0

[Bug 1620342] CVE-2018-1999043 jenkins: Ephemeral user record was created on some invalid authentication attempts

by bugzilla＠redhat.com

5 years, 9 months

1
0
0 / 0

[Bug 1620355] New: CVE-2018-1999047 jenkins: Unauthorized users could cancel scheduled restarts initiated from the update center [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1620355 Bug ID: 1620355 Summary: CVE-2018-1999047 jenkins: Unauthorized users could cancel scheduled restarts initiated from the update center [fedora-all] Product: Fedora Version: 28 Component: jenkins Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: msrb(a)redhat.com Reporter: sfowler(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
2
0 / 0

[Bug 1620352] New: CVE-2018-1999046 jenkins: Unauthorized users could access agent logs [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1620352 Bug ID: 1620352 Summary: CVE-2018-1999046 jenkins: Unauthorized users could access agent logs [fedora-all] Product: Fedora Version: 28 Component: jenkins Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: msrb(a)redhat.com Reporter: sfowler(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
2
0 / 0

[Bug 1620347] New: CVE-2018-1999045 jenkins: "Remember me" cookie was evaluated even if that feature is disabled [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1620347 Bug ID: 1620347 Summary: CVE-2018-1999045 jenkins: "Remember me" cookie was evaluated even if that feature is disabled [fedora-all] Product: Fedora Version: 28 Component: jenkins Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: msrb(a)redhat.com Reporter: sfowler(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
2
0 / 0

[Bug 1620345] New: CVE-2018-1999044 jenkins: Cron expression form validation could enter infinite loop, potentially resulting in denial of service [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1620345 Bug ID: 1620345 Summary: CVE-2018-1999044 jenkins: Cron expression form validation could enter infinite loop, potentially resulting in denial of service [fedora-all] Product: Fedora Version: 28 Component: jenkins Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: msrb(a)redhat.com Reporter: sfowler(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
2
0 / 0

[Bug 1620343] New: CVE-2018-1999043 jenkins: Ephemeral user record was created on some invalid authentication attempts [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1620343 Bug ID: 1620343 Summary: CVE-2018-1999043 jenkins: Ephemeral user record was created on some invalid authentication attempts [fedora-all] Product: Fedora Version: 28 Component: jenkins Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: msrb(a)redhat.com Reporter: sfowler(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

5 years, 9 months

1
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits August 2018