[Bug 1516064] gradle-5.3.0-RC2 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1516064
Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|gradle-5.3.0-RC1 is |gradle-5.3.0-RC2 is
|available |available
--- Comment #26 from Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> ---
Latest upstream release: 5.3.0-RC2
Current version/release in rawhide: 4.4.1-1.fc30
URL: http://www.gradle.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/6088/
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years
[Bug 1599015] antlr4: python 3 runtime support
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1599015
Stuart D Gathman <stuart(a)gathman.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |stuart(a)gathman.org
Assignee|mizdebsk(a)redhat.com |stuart(a)gathman.org
--- Comment #6 from Stuart D Gathman <stuart(a)gathman.org> ---
As new maintainer, I'll take a crack at this.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years
[Bug 1516064] gradle-5.3.0-RC1 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1516064
Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|gradle-5.2.1 is available |gradle-5.3.0-RC1 is
| |available
--- Comment #25 from Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> ---
Latest upstream release: 5.3.0-RC1
Current version/release in rawhide: 4.4.1-1.fc30
URL: http://www.gradle.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/6088/
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years
[Bug 1685312] New: Cannot upgrade to F30
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1685312
Bug ID: 1685312
Summary: Cannot upgrade to F30
Product: Fedora
Version: 30
Status: NEW
Component: hamcrest
Assignee: dwalluck(a)redhat.com
Reporter: dan.cermak(a)cgc-instruments.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, dwalluck(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
Following the request from devel(a)lists.fedoraproject.org I ran:
dnf --releasever=30 --setopt=module_platform_id=platform:f30
--enablerepo=updates-testing distro-sync
and got the following problem with hamcrest:
Problem 7: problem with installed package hamcrest-1.3-24.fc29.noarch
- package hamcrest-1.3-25.fc30.noarch requires hamcrest-core = 1.3-25.fc30,
but none of the providers can be installed
- hamcrest-1.3-24.fc29.noarch does not belong to a distupgrade repository
- package hamcrest-core-1.3-25.fc30.noarch is excluded
Version-Release number of selected component (if applicable):
hamcrest-1.3-24.fc29
How reproducible:
Run dnf --releasever=30 --setopt=module_platform_id=platform:f30
--enablerepo=updates-testing distro-sync
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years
[Bug 1665601] CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1665601
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
|1024,reported=20181220,sour |1024,reported=20181220,sour
|ce=cve,cvss3=5.3/CVSS:3.0/A |ce=cve,cvss3=5.3/CVSS:3.0/A
|V:N/AC:H/PR:N/UI:R/S:U/C:N/ |V:N/AC:H/PR:N/UI:R/S:U/C:N/
|I:N/A:H,cwe=CWE-20,fuse-6/j |I:N/A:H,cwe=CWE-20,fuse-6/j
|ackson-databind=notaffected |ackson-databind=notaffected
|,rhmap-4/jackson-databind=n |,rhmap-4/jackson-databind=n
|otaffected,sam-1/jackson-da |otaffected,sam-1/jackson-da
|tabind=notaffected,fedora-a |tabind=notaffected,fedora-a
|ll/jackson-databind=notaffe |ll/jackson-databind=notaffe
|cted,fuse-7/jackson-datatyp |cted,fuse-7/jackson-datatyp
|e-jsr310=new,jdv-6/jackson- |e-jsr310=new,jdv-6/jackson-
|databind=notaffected,amq-6/ |databind=notaffected,amq-6/
|jackson-databind=notaffecte |jackson-databind=notaffecte
|d,brms-6/jackson-databind=n |d,brms-6/jackson-databind=n
|otaffected,eap-7/jackson-da |otaffected,eap-7/jackson-da
|tatype-jsr310=affected,jdg- |tatype-jsr310=affected,jdg-
|7/jackson-databind=notaffec |7/jackson-databind=notaffec
|ted,bpms-6/jackson-databind |ted,bpms-6/jackson-databind
|=notaffected,openshift-ente |=notaffected,openshift-ente
|rprise-2/jackson-databind=n |rprise-2/jackson-databind=n
|otaffected,rhev-m-4/rhvm-ap |otaffected,rhev-m-4/rhvm-ap
|pliance=notaffected,eap-6/j |pliance=defer/impact=low,ea
|ackson-databind=notaffected |p-6/jackson-databind=notaff
|,jon-3/Core |ected,jon-3/Core
|Server=notaffected,vertx-3/ |Server=notaffected,vertx-3/
|jackson-databind=notaffecte |jackson-databind=notaffecte
|d,swarm-7/jackson-databind= |d,swarm-7/jackson-databind=
|notaffected,rhn_satellite_6 |notaffected,rhn_satellite_6
|/jackson-databind=notaffect |/jackson-databind=notaffect
|ed/impact=low,rhscl-3/rh-ec |ed/impact=low,rhscl-3/rh-ec
|lipse46-jackson-databind=no |lipse46-jackson-databind=no
|taffected,fis-2/jackson-dat |taffected,fis-2/jackson-dat
|abind=notaffected,rhscl-3/r |abind=notaffected,rhscl-3/r
|h-maven35-jackson-databind= |h-maven35-jackson-databind=
|notaffected,rhel-8/jackson- |notaffected,rhel-8/jackson-
|databind=notaffected,rhpam- |databind=notaffected,rhpam-
|7/jackson-datatype-jsr310=n |7/jackson-datatype-jsr310=n
|ew,rhdm-7/jackson-datatype- |ew,rhdm-7/jackson-datatype-
|jsr310=new,rhsso-7/jackson- |jsr310=new,rhsso-7/jackson-
|datatype-jsr310=new,fedora- |datatype-jsr310=new,fedora-
|all/jackson-datatype-jsr310 |all/jackson-datatype-jsr310
|=affected |=affected
--- Comment #6 from Doran Moppert <dmoppert(a)redhat.com> ---
rhvm-appliance includes the affected package eap7-jackson-datatype-jsr310, as a
dependency of eap7-wildfly, used by ovirt-engine. However, the deserialization
classes affected by this flaw are not used by Wildfly or oVirt, and thus cannot
be exposed to untrusted input. A future update will address this
vulnerability.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years
[Bug 1665601] CVE-2018-1000873 jackson-modules-java8: DoS due to an Improper Input Validation
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1665601
Doran Moppert <dmoppert(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |yturgema(a)redhat.com
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
|1024,reported=20181220,sour |1024,reported=20181220,sour
|ce=cve,cvss3=5.3/CVSS:3.0/A |ce=cve,cvss3=5.3/CVSS:3.0/A
|V:N/AC:H/PR:N/UI:R/S:U/C:N/ |V:N/AC:H/PR:N/UI:R/S:U/C:N/
|I:N/A:H,cwe=CWE-20,fuse-6/j |I:N/A:H,cwe=CWE-20,fuse-6/j
|ackson-databind=notaffected |ackson-databind=notaffected
|,rhmap-4/jackson-databind=n |,rhmap-4/jackson-databind=n
|otaffected,sam-1/jackson-da |otaffected,sam-1/jackson-da
|tabind=notaffected,fedora-a |tabind=notaffected,fedora-a
|ll/jackson-databind=notaffe |ll/jackson-databind=notaffe
|cted,fuse-7/jackson-datatyp |cted,fuse-7/jackson-datatyp
|e-jsr310=new,jdv-6/jackson- |e-jsr310=new,jdv-6/jackson-
|databind=notaffected,amq-6/ |databind=notaffected,amq-6/
|jackson-databind=notaffecte |jackson-databind=notaffecte
|d,brms-6/jackson-databind=n |d,brms-6/jackson-databind=n
|otaffected,eap-7/jackson-da |otaffected,eap-7/jackson-da
|tatype-jsr310=affected,jdg- |tatype-jsr310=affected,jdg-
|7/jackson-databind=notaffec |7/jackson-databind=notaffec
|ted,bpms-6/jackson-databind |ted,bpms-6/jackson-databind
|=notaffected,openshift-ente |=notaffected,openshift-ente
|rprise-2/jackson-databind=n |rprise-2/jackson-databind=n
|otaffected,rhev-m-4/eap7-ja |otaffected,rhev-m-4/rhvm-ap
|ckson-modules-java8=new,eap |pliance=notaffected,eap-6/j
|-6/jackson-databind=notaffe |ackson-databind=notaffected
|cted,jon-3/Core |,jon-3/Core
|Server=notaffected,vertx-3/ |Server=notaffected,vertx-3/
|jackson-databind=notaffecte |jackson-databind=notaffecte
|d,swarm-7/jackson-databind= |d,swarm-7/jackson-databind=
|notaffected,rhn_satellite_6 |notaffected,rhn_satellite_6
|/jackson-databind=notaffect |/jackson-databind=notaffect
|ed/impact=low,rhscl-3/rh-ec |ed/impact=low,rhscl-3/rh-ec
|lipse46-jackson-databind=no |lipse46-jackson-databind=no
|taffected,fis-2/jackson-dat |taffected,fis-2/jackson-dat
|abind=notaffected,rhscl-3/r |abind=notaffected,rhscl-3/r
|h-maven35-jackson-databind= |h-maven35-jackson-databind=
|notaffected,rhel-8/jackson- |notaffected,rhel-8/jackson-
|databind=notaffected,rhpam- |databind=notaffected,rhpam-
|7/jackson-datatype-jsr310=n |7/jackson-datatype-jsr310=n
|ew,rhdm-7/jackson-datatype- |ew,rhdm-7/jackson-datatype-
|jsr310=new,rhsso-7/jackson- |jsr310=new,rhsso-7/jackson-
|datatype-jsr310=new,fedora- |datatype-jsr310=new,fedora-
|all/jackson-datatype-jsr310 |all/jackson-datatype-jsr310
|=affected |=affected
--- Comment #4 from Doran Moppert <dmoppert(a)redhat.com> ---
rhvm-appliance includes jackson-datatype-jdk8, which is a part of the affected
collection but not affected by this flaw, which is present in
jackson-datatype-jsr310.
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years