November 2019 - java-sig-commits - Fedora Mailing-Lists

[Bug 1756388] New: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1756388 Bug ID: 1756388 Summary: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: csutherl(a)redhat.com, dan(a)danieljamesscott.org, decathorpe(a)gmail.com, gzaronik(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jclere(a)redhat.com, jjelen(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk, mbabacek(a)redhat.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, myarboro(a)redhat.com, twalsh(a)redhat.com, weli(a)redhat.com Target Milestone: --- Classification: Other The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. References: https://github.com/gradle/gradle/issues/10278 https://github.com/gradle/gradle/pull/10176 https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95 -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 5 months

1
8
0 / 0

[Bug 1756390] New: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host [epel-6]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1756390 Bug ID: 1756390 Summary: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host [epel-6] Product: Fedora EPEL Version: el6 Status: NEW Component: gradle Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mizdebsk(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dan(a)danieljamesscott.org, java-sig-commits(a)lists.fedoraproject.org, lkundrak(a)v3.sk, mizdebsk(a)redhat.com, msimacek(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-6. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 5 months

1
5
0 / 0

[Bug 1767371] New: elasticsearch dependencies

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1767371 Bug ID: 1767371 Summary: elasticsearch dependencies Product: Fedora Version: 31 Status: NEW Component: elasticsearch Assignee: bazanluis20(a)gmail.com Reporter: mail(a)lukaszposadowski.pl QA Contact: extras-qa(a)fedoraproject.org CC: bazanluis20(a)gmail.com, bobjensen(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, jvanek(a)redhat.com, pahan(a)hubbitus.info, zbyszek(a)in.waw.pl Target Milestone: --- Classification: Fedora Description of problem: elascticsearchpackage has unmet dependencies. Version-Release number of selected component (if applicable): elasticsearch.noarch 1.7.1-3.fc24 fedora How reproducible: Steps to Reproduce: 1. dnf install elasticsearch 2. 3. Actual results: dnf install elasticsearch Last metadata expiration check: 2:08:15 ago on Thu Oct 31 08:58:08 2019. Error: Problem: conflicting requests - nothing provides mvn(org.apache.lucene:lucene-analyzers-common:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-core:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-highlighter:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-join:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-memory:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-queries:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-queryparser:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-sandbox:4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-spatial:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-suggest:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch (try to add '--skip-broken' to skip uninstallable packages) Expected results: Additional info: -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 5 months

1
7
0 / 0

[Bug 1774726] New: CVE-2019-12422 shiro: Cookie padding oracle vulnerability with default configuration

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1774726 Bug ID: 1774726 Summary: CVE-2019-12422 shiro: Cookie padding oracle vulnerability with default configuration Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: aileenc(a)redhat.com, ataylor(a)redhat.com, chazlett(a)redhat.com, dbecker(a)redhat.com, drieden(a)redhat.com, extras-orphan(a)fedoraproject.org, ganandan(a)redhat.com, ggaughan(a)redhat.com, gvarsami(a)redhat.com, janstey(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jcoleman(a)redhat.com, jjoyce(a)redhat.com, jochrist(a)redhat.com, jschluet(a)redhat.com, kbasil(a)redhat.com, kconner(a)redhat.com, ldimaggi(a)redhat.com, lhh(a)redhat.com, lpeer(a)redhat.com, mburns(a)redhat.com, mkolesni(a)redhat.com, nwallace(a)redhat.com, puntogil(a)libero.it, rwagner(a)redhat.com, sclewis(a)redhat.com, scohen(a)redhat.com, slinaber(a)redhat.com, tcunning(a)redhat.com, tkirby(a)redhat.com Target Milestone: --- Classification: Other Apache Shiro before 1.4.2, when using the default "remember me" configuration, cookies could be susceptible to a padding attack. https://lists.apache.org/thread.html/c9db14cfebfb8e74205884ed2bf2e2b30790... -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 5 months

1
7
0 / 0

[Bug 1774727] New: CVE-2019-12422 shiro: Cookie padding oracle vulnerability with default configuration [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1774727 Bug ID: 1774727 Summary: CVE-2019-12422 shiro: Cookie padding oracle vulnerability with default configuration [fedora-all] Product: Fedora Version: 31 Status: NEW Component: shiro Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: extras-orphan(a)fedoraproject.org Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: extras-orphan(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 5 months

1
4
0 / 0

[Bug 1691250] New: Upgrade snmp4j to 3.0.2

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1691250 Bug ID: 1691250 Summary: Upgrade snmp4j to 3.0.2 Product: Fedora Version: rawhide Status: NEW Component: snmp4j Keywords: Rebase Assignee: puntogil(a)libero.it Reporter: sbonazzo(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it Target Milestone: --- Classification: Fedora Fedora currently ships 2.4.1 (2015-12-30) while upstream released 3.0.2 (2018-10-10) -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 5 months

1
3
0 / 0

[Bug 1663016] New: OpenNLP 1.9.1 available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1663016 Bug ID: 1663016 Summary: OpenNLP 1.9.1 available Product: Fedora Version: 29 Hardware: x86_64 OS: Linux Status: NEW Component: opennlp Severity: low Assignee: puntogil(a)libero.it Reporter: edgar.hoch(a)ims.uni-stuttgart.de QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it Target Milestone: --- Classification: Fedora Created attachment 1518001 --> https://bugzilla.redhat.com/attachment.cgi?id=1518001&action=edit opennlp.spec for 1.9.1 Description of problem: OpenNLP package distributed by Fedora 29 is more that four years old. Current OpenNLP version is 1.9.1. I have used the spec file of opennlp-1.5.3-7.fc29 and modified it until mock creates packages for version 1.9.1. It may be that it can be more optimized. It would be nice if someone could check it and creates updated packages for the public. Version-Release number of selected component (if applicable): opennlp-1.5.3-7.fc29.noarch -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 5 months

1
5
0 / 0

[Bug 1768661] New: thredds-dap, thredds-tdcommon and thredds-tdm uninstallable

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1768661 Bug ID: 1768661 Summary: thredds-dap, thredds-tdcommon and thredds-tdm uninstallable Product: Fedora Version: 31 Status: NEW Component: thredds Assignee: extras-orphan(a)fedoraproject.org Reporter: phil(a)fifi.org QA Contact: extras-qa(a)fedoraproject.org CC: extras-orphan(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it Target Milestone: --- Classification: Fedora Description of problem: None of thredds-dap, thredds-tdcommon and thredds-tdm can be installed. Version-Release number of selected component (if applicable): thredds-dap-4.6.2-10.fc31.noarch thredds-tdcommon-4.6.2-10.fc31.noarch thredds-tdm-4.6.2-10.fc31.noarch How reproducible: Always Steps to Reproduce: 1. dnf install thredds-dap-4.6.2-10.fc31.noarch thredds-tdcommon-4.6.2-10.fc31.noarch thredds-tdm-4.6.2-10.fc31.noarch Actual results: Error: Problem 1: conflicting requests - nothing provides mvn(org.springframework:spring-context) needed by thredds-tdm-4.6.2-10.fc31.noarch - nothing provides mvn(org.springframework:spring-core) needed by thredds-tdm-4.6.2-10.fc31.noarch Problem 2: conflicting requests - nothing provides mvn(org.springframework:spring-core) needed by thredds-tdcommon-4.6.2-10.fc31.noarch Problem 3: conflicting requests - nothing provides mvn(org.springframework:spring-context) needed by thredds-dap-4.6.2-10.fc31.noarch - nothing provides mvn(org.springframework:spring-web) needed by thredds-dap-4.6.2-10.fc31.noarch Expected results: The packages should be installed. -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 5 months

1
2
0 / 0

[Bug 1737002] New: zookeeper: FTBFS in Fedora rawhide/f31

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1737002 Bug ID: 1737002 Summary: zookeeper: FTBFS in Fedora rawhide/f31 Product: Fedora Version: rawhide Status: NEW Component: zookeeper Assignee: tstclair(a)heptio.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: ctubbsii(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, mluscon(a)gmail.com, s(a)shk.io, tstclair(a)heptio.com Blocks: 1732841 Target Milestone: --- Classification: Fedora zookeeper failed to build from source in Fedora rawhide/f31 https://koji.fedoraproject.org/koji/taskinfo?taskID=36638240 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Please fix zookeeper at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, zookeeper will be orphaned. Before branching of Fedora 32, zookeeper will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://fedoraproject.org/wiki/Fails_to_build_from_source Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1732841 [Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 5 months

1
20
0 / 0

[Bug 1737001] New: zkclient: FTBFS in Fedora rawhide/f31

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1737001 Bug ID: 1737001 Summary: zkclient: FTBFS in Fedora rawhide/f31 Product: Fedora Version: rawhide Status: NEW Component: zkclient Assignee: extras-orphan(a)fedoraproject.org Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: extras-orphan(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it Blocks: 1732841 Target Milestone: --- Classification: Fedora zkclient failed to build from source in Fedora rawhide/f31 https://koji.fedoraproject.org/koji/taskinfo?taskID=36638239 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Please fix zkclient at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, zkclient will be orphaned. Before branching of Fedora 32, zkclient will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://fedoraproject.org/wiki/Fails_to_build_from_source Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1732841 [Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 5 months

1
18
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits November 2019