[Bug 1578578] CVE-2018-1257 spring-framework: ReDoS Attack with spring-messaging
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1578578
Tomas Hoger <thoger(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=low,public=20180509, |impact=low,public=20180509,
|reported=20180511,source=cv |reported=20180511,source=cv
|e,cvss3=4.8/CVSS:3.0/AV:N/A |e,cvss3=4.8/CVSS:3.0/AV:N/A
|C:H/PR:N/UI:N/S:U/C:L/I:N/A |C:H/PR:N/UI:N/S:U/C:L/I:N/A
|:L,cwe=CWE-200,fedora-all/s |:L,cwe=CWE-200,fedora-all/s
|pringframework=affected,rhe |pringframework=affected,eap
|l-8/springframework=affecte |-5/spring=notaffected,rhes-
|d,eap-5/spring=notaffected, |3/spring=notaffected,amq-6/
|rhes-3/spring=notaffected,a |spring=notaffected,brms-5/s
|mq-6/spring=notaffected,brm |pring=notaffected,jdv-6/spr
|s-5/spring=notaffected,jdv- |ing=new,fis-2/spring=affect
|6/spring=new,fis-2/spring=a |ed,fuse-6/spring=notaffecte
|ffected,fuse-6/spring=notaf |d,fuse-7/spring=affected,fs
|fected,fuse-7/spring=affect |w-6/spring=notaffected,rhma
|ed,fsw-6/spring=notaffected |p-4/spring=notaffected,soap
|,rhmap-4/spring=notaffected |-5/spring=new,openstack-10/
|,soap-5/spring=new,openstac |opendaylight=notaffected,op
|k-10/opendaylight=notaffect |enstack-11/opendaylight=not
|ed,openstack-11/opendayligh |affected,openstack-12/opend
|t=notaffected,openstack-12/ |aylight=notaffected,opensta
|opendaylight=notaffected,op |ck-9/opendaylight=notaffect
|enstack-9/opendaylight=nota |ed,openstack-13/opendayligh
|ffected,openstack-13/openda |t=notaffected
|ylight=notaffected |
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 3 months
[Bug 1637492] CVE-2018-11797 pdfbox: unbounded computation in parser resulting in a denial of service
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1637492
Cedric Buissart <cbuissar(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
|1005,reported=20181005,sour |1005,reported=20181005,sour
|ce=oss-security,cvss3=5.5/C |ce=oss-security,cvss3=5.5/C
|VSS:3.0/AV:L/AC:L/PR:N/UI:R |VSS:3.0/AV:L/AC:L/PR:N/UI:R
|/S:U/C:N/I:N/A:H,cwe=CWE-67 |/S:U/C:N/I:N/A:H,cwe=CWE-67
|4,fedora-all/pdfbox=affecte |4,fedora-all/pdfbox=affecte
|d,bpms-6/pdfbox=new,brms-6/ |d,bpms-6/pdfbox=new,brms-6/
|pdfbox=new,fsw-6/pdfbox=new |pdfbox=new,fsw-6/pdfbox=new
|,fuse-6/pdfbox=new,fuse-7/p |,fuse-6/pdfbox=new,fuse-7/p
|dfbox=new,jdv-6/pdfbox=new, |dfbox=new,jdv-6/pdfbox=new,
|rhn_satellite_5/PDFBox=new |rhn_satellite_5/nutch=wontf
| |ix/impact=low
--- Comment #2 from Cedric Buissart <cbuissar(a)redhat.com> ---
Regarding the Satellite 5 product:
Reducing the severity to Low : PDFBox is only used to create PDF. No attack
vector, where an attacker could send a crafted PDF for parsing, have been
found.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 3 months
[Bug 1590964] IcedTea-web fails to run with connection failed after upgrade to Fedora 28
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1590964
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Fixed In Version|icedtea-web-1.7.1-11.fc28 |icedtea-web-1.7.1-11.fc28
| |icedtea-web-1.7.1-11.fc29
--- Comment #16 from Fedora Update System <updates(a)fedoraproject.org> ---
icedtea-web-1.7.1-11.fc29 has been pushed to the Fedora 29 stable repository.
If problems still persist, please make note of it in this bug report.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 3 months
[Bug 1590964] IcedTea-web fails to run with connection failed after upgrade to Fedora 28
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1590964
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ON_QA |CLOSED
Fixed In Version| |icedtea-web-1.7.1-11.fc28
Resolution|--- |ERRATA
Last Closed| |2019-01-03 02:26:34
--- Comment #15 from Fedora Update System <updates(a)fedoraproject.org> ---
icedtea-web-1.7.1-11.fc28 has been pushed to the Fedora 28 stable repository.
If problems still persist, please make note of it in this bug report.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 3 months