[Bug 1693325] New: CVE-2019-0199 tomcat: Apache Tomcat HTTP/2 DoS
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1693325
Bug ID: 1693325
Summary: CVE-2019-0199 tomcat: Apache Tomcat HTTP/2 DoS
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=important,public=20190325,reported=20190326,sou
rce=internet,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:
U/C:N/I:N/A:H,cwe=CWE-400,fedora-all/tomcat=affected,r
hscl-3/rh-java-common-tomcat=notaffected,bpms-6/tomcat
=notaffected,brms-6/tomcat=notaffected,epel-all/tomcat
=notaffected,brms-5/jbossweb=notaffected,eap-6/jbosswe
b=notaffected,eap-5/jbossweb=notaffected,jdg-6/jbosswe
b=notaffected,jdg-7/tomcat=notaffected,jdv-6/jbossweb=
notaffected,fuse-6/tomcat=notaffected,fuse-7/tomcat=no
taffected,fsw-6/jbossweb=notaffected,soap-5/jbossweb=n
otaffected,springboot-1/tomcat=notaffected,jbews-2/tom
cat6=notaffected,jws-3/tomcat7=notaffected,rhel-7/tomc
at=notaffected,jbews-2/tomcat7=notaffected,jws-3/tomca
t8=new,rhel-6/tomcat6=notaffected,jon-3/jbossweb=notaf
fected,jws-5/tomcat=new
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: lpardo(a)redhat.com
CC: aileenc(a)redhat.com, alazarot(a)redhat.com,
alee(a)redhat.com, anstephe(a)redhat.com,
apintea(a)redhat.com, avibelli(a)redhat.com,
bgeorges(a)redhat.com, bmaxwell(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
cmoulliard(a)redhat.com, coolsvap(a)gmail.com,
csutherl(a)redhat.com, darran.lofthouse(a)redhat.com,
dimitris(a)redhat.com, dosoudil(a)redhat.com,
drieden(a)redhat.com, etirelli(a)redhat.com,
fgavrilo(a)redhat.com, gvarsami(a)redhat.com,
gzaronik(a)redhat.com, hhorak(a)redhat.com,
ibek(a)redhat.com, ikanello(a)redhat.com,
ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jclere(a)redhat.com, jcoleman(a)redhat.com,
jdoyle(a)redhat.com, jolee(a)redhat.com,
jondruse(a)redhat.com, jorton(a)redhat.com,
jpallich(a)redhat.com, jschatte(a)redhat.com,
jshepherd(a)redhat.com, jstastny(a)redhat.com,
kconner(a)redhat.com, krathod(a)redhat.com,
krzysztof.daniel(a)gmail.com, kverlaen(a)redhat.com,
ldimaggi(a)redhat.com, lgao(a)redhat.com,
loleary(a)redhat.com, lpetrovi(a)redhat.com,
lthon(a)redhat.com, mbabacek(a)redhat.com,
mizdebsk(a)redhat.com, mszynkie(a)redhat.com,
myarboro(a)redhat.com, nwallace(a)redhat.com,
paradhya(a)redhat.com, pgallagh(a)redhat.com,
pgier(a)redhat.com, pjurak(a)redhat.com,
ppalaga(a)redhat.com, psakar(a)redhat.com,
pslavice(a)redhat.com, pszubiak(a)redhat.com,
rnetuka(a)redhat.com, rrajasek(a)redhat.com,
rruss(a)redhat.com, rstancel(a)redhat.com,
rsvoboda(a)redhat.com, rsynek(a)redhat.com,
rwagner(a)redhat.com, rzhang(a)redhat.com,
sdaley(a)redhat.com, spinder(a)redhat.com,
tcunning(a)redhat.com, theute(a)redhat.com,
tkirby(a)redhat.com, trogers(a)redhat.com,
twalsh(a)redhat.com, vhalbert(a)redhat.com,
vtunka(a)redhat.com, weli(a)redhat.com
Target Milestone: ---
Classification: Other
A vulnerability was found in Apache Tomcat version from 9.0.0.M1 to 9.0.14
inclusive and 8.5.0 to 8.5.37 inclusive. The HTTP/2 implementation accepted
streams with excessive numbers of SETTINGS frames and also permitted clients to
keep streams open without reading/writing request/response data. By keeping
streams open for requests that utilised the Servlet API's blocking I/O, clients
were able to cause server-side threads to block eventually leading to thread
exhaustion and a DoS.
References:
https://mail-archives.apache.org/mod_mbox/tomcat-announce/201903.mbox/bro...
http://tomcat.apache.org/security-9.html
http://tomcat.apache.org/security-8.html
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 6 months
[Bug 1709379] New: CVE-2018-20200 okhttp: certificate pinning bypass
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1709379
Bug ID: 1709379
Summary: CVE-2018-20200 okhttp: certificate pinning bypass
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190419,reported=20190419,sour
ce=cve,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/
I:L/A:N,cwe=CWE-300,fedora-all/okhttp=affected,openshi
ft-enterprise-3/okhttp=new,fuse-7/okhttp=new,rhpam-7/o
khttp=new,rhdm-7/okhttp=new,springboot-1/okhttp=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: msiddiqu(a)redhat.com
CC: ahardin(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
avibelli(a)redhat.com, bgeorges(a)redhat.com,
bleanhar(a)redhat.com, ccoleman(a)redhat.com,
chazlett(a)redhat.com, cmoulliard(a)redhat.com,
dedgar(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, gerard(a)ryan.lt, ibek(a)redhat.com,
ikanello(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jbalunas(a)redhat.com, jgoulding(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jpallich(a)redhat.com, jshepherd(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
lpetrovi(a)redhat.com, lthon(a)redhat.com,
mchappel(a)redhat.com, mizdebsk(a)redhat.com,
mnovotny(a)redhat.com, mszynkie(a)redhat.com,
paradhya(a)redhat.com, pgallagh(a)redhat.com,
puntogil(a)libero.it, rrajasek(a)redhat.com,
rruss(a)redhat.com, rsynek(a)redhat.com,
sdaley(a)redhat.com, trogers(a)redhat.com
Target Milestone: ---
Classification: Other
CertificatePinner.java in OkHttp 3.x through 3.12.0 allows man-in-the-middle
attackers to bypass certificate pinning by changing SSLContext and the boolean
values while hooking the application.
Upstream issue:
https://github.com/square/okhttp/issues/4967
References:
https://cxsecurity.com/issue/WLB-2018120252
https://github.com/square/okhttp/commits/master
https://github.com/square/okhttp/releases
https://square.github.io/okhttp/3.x/okhttp/
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 10 months
[Bug 1754645] New: Retire elasticsearch? FTBFS since f24
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1754645
Bug ID: 1754645
Summary: Retire elasticsearch? FTBFS since f24
Product: Fedora
Version: rawhide
Status: NEW
Component: elasticsearch
Assignee: bazanluis20(a)gmail.com
Reporter: kevin(a)scrye.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bazanluis20(a)gmail.com, bobjensen(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
jvanek(a)redhat.com, pahan(a)hubbitus.info,
zbyszek(a)in.waw.pl
Target Milestone: ---
Classification: Fedora
elasticsearch has failed to build since f24.
The failure is in prep/sources (the sources file wasn't updated with the last
package update), so due to never creating a koji build on mass rebuilds it's
never shown up in the FTBFS list.
With the java stack in modules now, I don't think it can be built currently.
Some options:
* retire it now and re-add it after ursa-prime lands so you can use the java
stack to build it.
* retire it and make a module for it.
* something else?
If there's not a good reason to keep it, I'd suggest we retire it in
rawhide/f31 asap.
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 11 months
[Bug 1699483] New: maven-3.6.1 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1699483
Bug ID: 1699483
Summary: maven-3.6.1 is available
Product: Fedora Modules
Status: NEW
Component: maven
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: mizdebsk(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, extras-qa(a)fedoraproject.org,
jamielinux(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mhroncok(a)redhat.com, mizdebsk(a)redhat.com,
mkoncek(a)redhat.com, msrb(a)redhat.com,
sochotni(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
upstream-release-monitoring(a)fedoraproject.org
Target Milestone: ---
Classification: Fedora
+++ This bug was initially created as a clone of Bug #1699465 +++
Latest upstream release: 3.6.1
Current version/release in rawhide: 3.5.4-7.fc30
URL: https://maven.apache.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/1894/
--- Additional comment from Mikolaj Izdebski on 2019-04-12 23:02:26 CEST ---
Maven 3.6.1 requires XMLUnit >= 2,
https://src.fedoraproject.org/rpms/xmlunit/pull-request/1
Marian Koncek has a patch for this update.
I will be creating a new module stream with Maven 3.6.x
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 11 months
[Bug 1737517] New: CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1737517
Bug ID: 1737517
Summary: CVE-2019-14379 jackson-databind: default typing
mishandling leading to remote code execution
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: msiddiqu(a)redhat.com
CC: ahardin(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
asoldano(a)redhat.com, ataylor(a)redhat.com,
avibelli(a)redhat.com, bbaranow(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bgeorges(a)redhat.com, bkearney(a)redhat.com,
bleanhar(a)redhat.com, bmaxwell(a)redhat.com,
brian.stansberry(a)redhat.com, btotty(a)redhat.com,
cbyrne(a)redhat.com, ccoleman(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
cmacedo(a)redhat.com, darran.lofthouse(a)redhat.com,
dbecker(a)redhat.com, dedgar(a)redhat.com,
dffrench(a)redhat.com, dosoudil(a)redhat.com,
drieden(a)redhat.com, drusso(a)redhat.com,
eparis(a)redhat.com, etirelli(a)redhat.com,
extras-orphan(a)fedoraproject.org, ggaughan(a)redhat.com,
hhorak(a)redhat.com, hhudgeon(a)redhat.com,
ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jgoulding(a)redhat.com, jjoyce(a)redhat.com,
jkurik(a)redhat.com, jmadigan(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jolee(a)redhat.com, jorton(a)redhat.com,
jpallich(a)redhat.com, jperkins(a)redhat.com,
jschatte(a)redhat.com, jschluet(a)redhat.com,
jshepherd(a)redhat.com, jstastny(a)redhat.com,
kbasil(a)redhat.com, krathod(a)redhat.com,
kverlaen(a)redhat.com, kwills(a)redhat.com,
lef(a)fedoraproject.org, lgao(a)redhat.com,
lhh(a)redhat.com, lpeer(a)redhat.com, lpetrovi(a)redhat.com,
lthon(a)redhat.com, lzap(a)redhat.com,
mat.booth(a)redhat.com, mburns(a)redhat.com,
mchappel(a)redhat.com, mhulan(a)redhat.com,
mkolesni(a)redhat.com, mmccune(a)redhat.com,
mnovotny(a)redhat.com, msochure(a)redhat.com,
msvehla(a)redhat.com, mszynkie(a)redhat.com,
ngough(a)redhat.com, nwallace(a)redhat.com,
paradhya(a)redhat.com, pdrozd(a)redhat.com,
pgallagh(a)redhat.com, pmackay(a)redhat.com,
psotirop(a)redhat.com, puntogil(a)libero.it,
pwright(a)redhat.com, rchan(a)redhat.com,
rguimara(a)redhat.com, rhcs-maint(a)redhat.com,
rjerrido(a)redhat.com, rrajasek(a)redhat.com,
rruss(a)redhat.com, rsvoboda(a)redhat.com,
rsynek(a)redhat.com, sclewis(a)redhat.com,
scohen(a)redhat.com, sdaley(a)redhat.com,
slinaber(a)redhat.com, smaestri(a)redhat.com,
sthorger(a)redhat.com, tbrisker(a)redhat.com,
tom.jenkinson(a)redhat.com, trepel(a)redhat.com,
trogers(a)redhat.com, twalsh(a)redhat.com,
vhalbert(a)redhat.com
Target Milestone: ---
Classification: Other
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles
default typing when ehcache is used, leading to remote code execution.
References:
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2....
Upstream issue:
https://github.com/FasterXML/jackson-databind/issues/2387
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 11 months
[Bug 1683547] New: lucene-7.7.1 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1683547
Bug ID: 1683547
Summary: lucene-7.7.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: lucene
Keywords: FutureFeature, Triaged
Assignee: akurtako(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, dbhole(a)redhat.com,
dingyichen(a)gmail.com,
eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com,
lef(a)fedoraproject.org, rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 7.7.1
Current version/release in rawhide: 7.7.0-1.fc30
URL: http://lucene.apache.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/7178/
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 12 months
[Bug 1758171] New: jackson-databind: Serialization gadgets in classes of the commons-configuration package
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1758171
Bug ID: 1758171
Summary: jackson-databind: Serialization gadgets in classes of
the commons-configuration package
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, asoldano(a)redhat.com,
atangrin(a)redhat.com, ataylor(a)redhat.com,
avibelli(a)redhat.com, bbaranow(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bgeorges(a)redhat.com, bkearney(a)redhat.com,
bmaxwell(a)redhat.com, bmontgom(a)redhat.com,
brian.stansberry(a)redhat.com, btotty(a)redhat.com,
cbyrne(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, cmacedo(a)redhat.com,
darran.lofthouse(a)redhat.com, dbecker(a)redhat.com,
decathorpe(a)gmail.com, dffrench(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
drusso(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, ganandan(a)redhat.com,
ggaughan(a)redhat.com, hhorak(a)redhat.com,
hhudgeon(a)redhat.com, ibek(a)redhat.com,
iweiss(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jburrell(a)redhat.com, jjoyce(a)redhat.com,
jmadigan(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jolee(a)redhat.com,
jorton(a)redhat.com, jpallich(a)redhat.com,
jperkins(a)redhat.com, jschatte(a)redhat.com,
jschluet(a)redhat.com, jshepherd(a)redhat.com,
jstastny(a)redhat.com, kbasil(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, lef(a)fedoraproject.org,
lgao(a)redhat.com, lhh(a)redhat.com, lpeer(a)redhat.com,
lthon(a)redhat.com, lzap(a)redhat.com,
mat.booth(a)redhat.com, mburns(a)redhat.com,
mkolesni(a)redhat.com, mmccune(a)redhat.com,
mnovotny(a)redhat.com, msochure(a)redhat.com,
msvehla(a)redhat.com, mszynkie(a)redhat.com,
ngough(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, paradhya(a)redhat.com,
pdrozd(a)redhat.com, pgallagh(a)redhat.com,
pmackay(a)redhat.com, psotirop(a)redhat.com,
puntogil(a)libero.it, pwright(a)redhat.com,
rchan(a)redhat.com, rguimara(a)redhat.com,
rhcs-maint(a)redhat.com, rjerrido(a)redhat.com,
rrajasek(a)redhat.com, rruss(a)redhat.com,
rsvoboda(a)redhat.com, rsynek(a)redhat.com,
sclewis(a)redhat.com, scohen(a)redhat.com,
sdaley(a)redhat.com, slinaber(a)redhat.com,
smaestri(a)redhat.com, sponnaga(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
sthorger(a)redhat.com, swoodman(a)redhat.com,
tbrisker(a)redhat.com, tom.jenkinson(a)redhat.com,
trepel(a)redhat.com, trogers(a)redhat.com,
twalsh(a)redhat.com, vhalbert(a)redhat.com
Target Milestone: ---
Classification: Other
A flaw was found in jackson-databind before 2.9.10. New serialization gadgets
were found regarding a class of the commons-configuration 1 and
commons-configuration 2 packages which may help in exploiting deserialization
issues.
Upstream issue:
https://github.com/FasterXML/jackson-databind/issues/2462
Upstream patch:
https://github.com/FasterXML/jackson-databind/commit/41b7f9b90149e9d44a65...
https://github.com/FasterXML/jackson-databind/commit/819cdbcab51c6da9fb89...
References:
https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-...
--
You are receiving this mail because:
You are on the CC list for the bug.
3 years, 1 month
[Bug 1755831] New: CVE-2019-16335 jackson-databind: polymorphic typing issue related to com.zaxxer.hikari.HikariDataSource
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1755831
Bug ID: 1755831
Summary: CVE-2019-16335 jackson-databind: polymorphic typing
issue related to com.zaxxer.hikari.HikariDataSource
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: ahardin(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
asoldano(a)redhat.com, atangrin(a)redhat.com,
ataylor(a)redhat.com, avibelli(a)redhat.com,
bbaranow(a)redhat.com, bbuckingham(a)redhat.com,
bcourt(a)redhat.com, bgeorges(a)redhat.com,
bkearney(a)redhat.com, bleanhar(a)redhat.com,
bmaxwell(a)redhat.com, brian.stansberry(a)redhat.com,
btotty(a)redhat.com, cbyrne(a)redhat.com,
ccoleman(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, cmacedo(a)redhat.com,
darran.lofthouse(a)redhat.com, dbecker(a)redhat.com,
decathorpe(a)gmail.com, dedgar(a)redhat.com,
dffrench(a)redhat.com, dosoudil(a)redhat.com,
drieden(a)redhat.com, drusso(a)redhat.com,
eparis(a)redhat.com, etirelli(a)redhat.com,
ganandan(a)redhat.com, ggaughan(a)redhat.com,
hhorak(a)redhat.com, hhudgeon(a)redhat.com,
ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jgoulding(a)redhat.com, jjoyce(a)redhat.com,
jmadigan(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jolee(a)redhat.com,
jorton(a)redhat.com, jpallich(a)redhat.com,
jperkins(a)redhat.com, jschatte(a)redhat.com,
jschluet(a)redhat.com, jshepherd(a)redhat.com,
jstastny(a)redhat.com, kbasil(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, lef(a)fedoraproject.org,
lgao(a)redhat.com, lhh(a)redhat.com, lpeer(a)redhat.com,
lthon(a)redhat.com, lzap(a)redhat.com,
mat.booth(a)redhat.com, mburns(a)redhat.com,
mchappel(a)redhat.com, mkolesni(a)redhat.com,
mmccune(a)redhat.com, mnovotny(a)redhat.com,
msochure(a)redhat.com, msvehla(a)redhat.com,
mszynkie(a)redhat.com, ngough(a)redhat.com,
nstielau(a)redhat.com, nwallace(a)redhat.com,
paradhya(a)redhat.com, pdrozd(a)redhat.com,
pgallagh(a)redhat.com, pmackay(a)redhat.com,
psotirop(a)redhat.com, puntogil(a)libero.it,
pwright(a)redhat.com, rchan(a)redhat.com,
rguimara(a)redhat.com, rhcs-maint(a)redhat.com,
rjerrido(a)redhat.com, rrajasek(a)redhat.com,
rruss(a)redhat.com, rsvoboda(a)redhat.com,
rsynek(a)redhat.com, sclewis(a)redhat.com,
scohen(a)redhat.com, sdaley(a)redhat.com,
slinaber(a)redhat.com, smaestri(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
sthorger(a)redhat.com, swoodman(a)redhat.com,
tbrisker(a)redhat.com, tom.jenkinson(a)redhat.com,
trepel(a)redhat.com, trogers(a)redhat.com,
twalsh(a)redhat.com, vhalbert(a)redhat.com
Target Milestone: ---
Classification: Other
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before
2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a
different vulnerability than CVE-2019-14540.
Reference:
https://github.com/FasterXML/jackson-databind/issues/2449
https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647...
https://lists.apache.org/thread.html/40c00861b53bb611dee7d6f35f864aa7d1c1...
--
You are receiving this mail because:
You are on the CC list for the bug.
3 years, 1 month