2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

December

java-sig-commits April 2019

java-sig-commits@lists.fedoraproject.org

1 participants
323 discussions

Start a nNew thread

[Bug 1510968] CVE-2017-8028 spring-ldap: Authentication with userSearch and STARTTLS allows authentication with arbitrary password

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1510968 Chess Hazlett <chazlett(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=important,public=201 |impact=important,public=201 |71016,reported=20171016,sou |71016,reported=20171016,sou |rce=internet,cvss3=7.4/CVSS |rce=internet,cvss3=7.4/CVSS |:3.0/AV:N/AC:H/PR:N/UI:N/S: |:3.0/AV:N/AC:H/PR:N/UI:N/S: |U/C:H/I:H/A:N,cwe=CWE-592,f |U/C:H/I:H/A:N,cwe=CWE-592,f |edora-all/spring-ldap=affec |edora-all/spring-ldap=affec |ted,fuse-6/Camel=affected,r |ted,fuse-6/Camel=affected,r |hes-3/spring-ldap-core=wont |hes-3/spring-ldap-core=wont |fix/impact=low |fix/impact=low,fuse-7/cxf/s | |pring-ldap-core=affected -- You are receiving this mail because: You are on the CC list for the bug.

5 years

1
0
0 / 0

[Bug 1540030] CVE-2018-1199 spring-framework: Improper URL path validation allows for bypassing of security checks on static resources

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1540030 Chess Hazlett <chazlett(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=important,public=201 |impact=important,public=201 |80129,reported=20180130,sou |80129,reported=20180130,sou |rce=internet,cvss3=7.5/CVSS |rce=internet,cvss3=7.5/CVSS |:3.0/AV:N/AC:L/PR:N/UI:N/S: |:3.0/AV:N/AC:L/PR:N/UI:N/S: |U/C:H/I:N/A:N,cwe=CWE-20,fe |U/C:H/I:N/A:N,cwe=CWE-20,fe |dora-all/springframework=no |dora-all/springframework=no |taffected,fedora-all/spring |taffected,fedora-all/spring |framework-security=affected |framework-security=affected |,rhel-8/springframework=not |,rhel-8/springframework=not |affected,fsw-6/spring=notaf |affected,fsw-6/spring=notaf |fected,fuse-6/spring=notaff |fected,fuse-6/spring=notaff |ected,jdv-6/spring=notaffec |ected,jdv-6/spring=notaffec |ted,brms-5/spring=notaffect |ted,brms-5/spring=notaffect |ed,soap-5/spring=notaffecte |ed,soap-5/spring=notaffecte |d,openstack-9/opendaylight= |d,openstack-9/opendaylight= |wontfix,openstack-10/openda |wontfix,openstack-10/openda |ylight=wontfix,openstack-11 |ylight=wontfix,openstack-11 |/opendaylight=wontfix,opens |/opendaylight=wontfix,opens |tack-12/opendaylight=wontfi |tack-12/opendaylight=wontfi |x,rhes-3/rhevm-dependencies |x,rhes-3/rhevm-dependencies |=notaffected,amq-6/spring=n |=notaffected,amq-6/spring=n |otaffected,eap-5/jbossweb=n |otaffected,eap-5/jbossweb=n |otaffected,eap-7/undertow=n |otaffected,eap-7/undertow=n |otaffected,eap-6/jbossweb=n |otaffected,eap-6/jbossweb=n |otaffected,jpp-6/spring=not |otaffected,jpp-6/spring=not |affected,jbews-2/tomcat=not |affected,jbews-2/tomcat=not |affected,jws-3/tomcat=notaf |affected,jws-3/tomcat=notaf |fected,rhmap-4/spring=notaf |fected,rhmap-4/spring=notaf |fected,fis-2/spring=affecte |fected,fis-2/spring=affecte |d,openshift-enterprise-3/mi |d,openshift-enterprise-3/mi |llicore=notaffected/impact= |llicore=notaffected/impact= |low |low,fuse-7/spring=affected -- You are receiving this mail because: You are on the CC list for the bug.

5 years

1
0
0 / 0

[Bug 1584392] CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1584392 Chess Hazlett <chazlett(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=important,public=201 |impact=important,public=201 |80605,reported=20180529,sou |80605,reported=20180529,sou |rce=researcher,cvss3=7.3/CV |rce=researcher,cvss3=7.3/CV |SS:3.0/AV:N/AC:L/PR:N/UI:N/ |SS:3.0/AV:N/AC:L/PR:N/UI:N/ |S:U/C:L/I:L/A:L,cwe=CWE-22, |S:U/C:L/I:L/A:L,cwe=CWE-22, |rhscl-3/rh-maven33-plexus-a |rhscl-3/rh-maven33-plexus-a |rchiver=affected,rhel-7/ple |rchiver=affected,rhel-7/ple |xus-archiver=affected,rhel- |xus-archiver=affected,rhel- |8/plexus-archiver=affected, |8/plexus-archiver=affected, |fedora-27/plexus-archiver=a |fedora-27/plexus-archiver=a |ffected,fedora-28/plexus-ar |ffected,fedora-28/plexus-ar |chiver=affected,fis-2/plexu |chiver=affected,fis-2/plexu |s-archiver=notaffected,jbds |s-archiver=affected,jbds-9/ |-9/plexus-archiver=notaffec |plexus-archiver=notaffected |ted,openstack-9/opendayligh |,openstack-9/opendaylight=w |t=wontfix/impact=low,rhscl- |ontfix/impact=low,rhscl-3/r |3/rh-maven35-plexus-archive |h-maven35-plexus-archiver=a |r=affected,fuse-7/plexus-ar |ffected,fuse-7/plexus-archi |chiver=affected |ver=affected -- You are receiving this mail because: You are on the CC list for the bug.

5 years

1
0
0 / 0

[Bug 1584392] CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1584392 Chess Hazlett <chazlett(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=important,public=201 |impact=important,public=201 |80605,reported=20180529,sou |80605,reported=20180529,sou |rce=researcher,cvss3=7.3/CV |rce=researcher,cvss3=7.3/CV |SS:3.0/AV:N/AC:L/PR:N/UI:N/ |SS:3.0/AV:N/AC:L/PR:N/UI:N/ |S:U/C:L/I:L/A:L,cwe=CWE-22, |S:U/C:L/I:L/A:L,cwe=CWE-22, |rhscl-3/rh-maven33-plexus-a |rhscl-3/rh-maven33-plexus-a |rchiver=affected,rhel-7/ple |rchiver=affected,rhel-7/ple |xus-archiver=affected,rhel- |xus-archiver=affected,rhel- |8/plexus-archiver=affected, |8/plexus-archiver=affected, |fedora-27/plexus-archiver=a |fedora-27/plexus-archiver=a |ffected,fedora-28/plexus-ar |ffected,fedora-28/plexus-ar |chiver=affected,fis-2/plexu |chiver=affected,fis-2/plexu |s-archiver=affected,jbds-9/ |s-archiver=notaffected,jbds |plexus-archiver=notaffected |-9/plexus-archiver=notaffec |,openstack-9/opendaylight=w |ted,openstack-9/opendayligh |ontfix/impact=low,rhscl-3/r |t=wontfix/impact=low,rhscl- |h-maven35-plexus-archiver=a |3/rh-maven35-plexus-archive |ffected,fuse-7/plexus-archi |r=affected,fuse-7/plexus-ar |ver=affected |chiver=affected -- You are receiving this mail because: You are on the CC list for the bug.

5 years

1
0
0 / 0

[Bug 1584392] CVE-2018-1002200 plexus-archiver: arbitrary file write vulnerability / arbitrary code execution using a specially crafted zip file

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1584392 Chess Hazlett <chazlett(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |chazlett(a)redhat.com Whiteboard|impact=important,public=201 |impact=important,public=201 |80605,reported=20180529,sou |80605,reported=20180529,sou |rce=researcher,cvss3=7.3/CV |rce=researcher,cvss3=7.3/CV |SS:3.0/AV:N/AC:L/PR:N/UI:N/ |SS:3.0/AV:N/AC:L/PR:N/UI:N/ |S:U/C:L/I:L/A:L,cwe=CWE-22, |S:U/C:L/I:L/A:L,cwe=CWE-22, |rhscl-3/rh-maven33-plexus-a |rhscl-3/rh-maven33-plexus-a |rchiver=affected,rhel-7/ple |rchiver=affected,rhel-7/ple |xus-archiver=affected,rhel- |xus-archiver=affected,rhel- |8/plexus-archiver=affected, |8/plexus-archiver=affected, |fedora-27/plexus-archiver=a |fedora-27/plexus-archiver=a |ffected,fedora-28/plexus-ar |ffected,fedora-28/plexus-ar |chiver=affected,fis-2/plexu |chiver=affected,fis-2/plexu |s-archiver=affected,jbds-9/ |s-archiver=affected,jbds-9/ |plexus-archiver=notaffected |plexus-archiver=notaffected |,openstack-9/opendaylight=w |,openstack-9/opendaylight=w |ontfix/impact=low,rhscl-3/r |ontfix/impact=low,rhscl-3/r |h-maven35-plexus-archiver=a |h-maven35-plexus-archiver=a |ffected |ffected,fuse-7/plexus-archi | |ver=affected -- You are receiving this mail because: You are on the CC list for the bug.

5 years

1
0
0 / 0

[Bug 1639090] CVE-2018-11796 tika: Incomplete fix allows for XML entity expansion resulting in denial of service

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1639090 Chess Hazlett <chazlett(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018 |1010,reported=20181010,sour |1010,reported=20181010,sour |ce=oss-security,cvss3=7.5/C |ce=oss-security,cvss3=7.5/C |VSS:3.0/AV:N/AC:L/PR:N/UI:N |VSS:3.0/AV:N/AC:L/PR:N/UI:N |/S:U/C:N/I:N/A:H,cwe=CWE-77 |/S:U/C:N/I:N/A:H,cwe=CWE-77 |6,fedora-all/tika=affected, |6,fedora-all/tika=affected, |rhscl-3/rh-eclipse46-tika=n |rhscl-3/rh-eclipse46-tika=n |otaffected,fuse-7/camel-tik |otaffected,fuse-7/camel-tik |a=new,fsw-6/tika-core=new,b |a=affected,fsw-6/tika-core= |rms-5/tika-core=new,brms-6/ |new,brms-5/tika-core=new,br |tika-core=new,bpms-6/tika-c |ms-6/tika-core=new,bpms-6/t |ore=new,jdv-6/tika-core=new |ika-core=new,jdv-6/tika-cor |,rhn_satellite_5/tika=wontf |e=new,rhn_satellite_5/tika= |ix/impact=low |wontfix/impact=low -- You are receiving this mail because: You are on the CC list for the bug.

5 years

1
0
0 / 0

[Bug 1600426] Reconsider auto-requires: javapackages-tools

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1600426 Mikolaj Izdebski <mizdebsk(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |CLOSED Resolution|--- |RAWHIDE Last Closed|2018-07-12 17:18:15 |2019-04-09 18:47:12 -- You are receiving this mail because: You are on the CC list for the bug.

5 years

1
0
0 / 0

[Bug 1579236] mvn_install macro seems to be doing something weird to file permissions

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1579236 Mikolaj Izdebski <mizdebsk(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA Last Closed| |2019-04-09 18:44:22 -- You are receiving this mail because: You are on the CC list for the bug.

5 years

1
0
0 / 0

[Bug 1576358] java.util.zip.ZipException: invalid entry compressed size during Eclipse build using xmvn

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1576358 Mikolaj Izdebski <mizdebsk(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA Last Closed| |2019-04-09 18:44:06 -- You are receiving this mail because: You are on the CC list for the bug.

5 years

1
0
0 / 0

[Bug 1572708] NPE when running tests on JDK 10

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1572708 Mikolaj Izdebski <mizdebsk(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|MODIFIED |CLOSED Resolution|--- |RAWHIDE Last Closed| |2019-04-09 18:42:51 -- You are receiving this mail because: You are on the CC list for the bug.

5 years

1
0
0 / 0

← Newer
1
...
24
25
26
27
28
29
30
...
33
Older →

Jump to page: