[Bug 1636513] CVE-2018-11784 tomcat: Open redirect in default servlet [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1636513
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Fixed In Version|tomcat-9.0.13-1.fc29 |tomcat-9.0.13-1.fc29
|tomcat-7.0.92-1.el6 |tomcat-7.0.92-1.el6
| |tomcat-8.5.35-1.fc28
--- Comment #9 from Fedora Update System <updates(a)fedoraproject.org> ---
tomcat-8.5.35-1.fc28 has been pushed to the Fedora 28 stable repository. If
problems still persist, please make note of it in this bug report.
--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug 1636514] CVE-2018-11784 tomcat: Open redirect in default servlet [epel-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1636514
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Fixed In Version|tomcat-9.0.13-1.fc29 |tomcat-9.0.13-1.fc29
|tomcat-7.0.92-1.el6 |tomcat-7.0.92-1.el6
| |tomcat-8.5.35-1.fc28
--- Comment #9 from Fedora Update System <updates(a)fedoraproject.org> ---
tomcat-8.5.35-1.fc28 has been pushed to the Fedora 28 stable repository. If
problems still persist, please make note of it in this bug report.
[Bug 1636513] CVE-2018-11784 tomcat: Open redirect in default servlet [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1636513
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Fixed In Version|tomcat-9.0.13-1.fc29 |tomcat-9.0.13-1.fc29
| |tomcat-7.0.92-1.el6
--- Comment #8 from Fedora Update System <updates(a)fedoraproject.org> ---
tomcat-7.0.92-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If
problems still persist, please make note of it in this bug report.
[Bug 1636514] CVE-2018-11784 tomcat: Open redirect in default servlet [epel-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1636514
Fedora Update System <updates(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Fixed In Version|tomcat-9.0.13-1.fc29 |tomcat-9.0.13-1.fc29
| |tomcat-7.0.92-1.el6
--- Comment #8 from Fedora Update System <updates(a)fedoraproject.org> ---
tomcat-7.0.92-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If
problems still persist, please make note of it in this bug report.
[Bug 1657836] gradle: FTBFS in Fedora rawhide
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1657836
Miro Hrončok <mhroncok(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mhroncok(a)redhat.com
--- Comment #1 from Miro Hrončok <mhroncok(a)redhat.com> ---
Could not resolve all files for configuration ':codeQuality:compileClasspath'.
> Could not resolve com.google.code.findbugs:findbugs:2.0.1.
Required by:
project :codeQuality
> Could not resolve com.google.code.findbugs:findbugs:2.0.1.
> Could not parse POM /usr/share/maven-poms/JPP-findbugs.pom
> java.lang.UnsupportedOperationException (no error message)
> No cached version of com.google.code.findbugs:findbugs:2.0.1 available for
offline mode.
> No cached version of com.google.code.findbugs:findbugs:2.0.1 available for
offline mode.
> No cached version of com.google.code.findbugs:findbugs:2.0.1 available for
offline mode.
> Could not resolve com.google.code.findbugs:findbugs:2.0.1.
> Could not parse POM /usr/share/maven-poms/JPP-findbugs.pom
> java.lang.UnsupportedOperationException (no error message)
gradle 4.4.1-1 was built with gradle 4.3.1 - since then, it doesn't build (with
4.4.1).
[Bug 1632462] CVE-2018-11761 tika: XML entity expansion vulnerability due to lack of limit configuration
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1632462
Chess Hazlett <chazlett(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=20180919,reported=20180919,source=cve,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-776,fedora-all/tika=affected,rhscl-3/rh-eclipse46-tika=wontfix,fis-2/tika-core=new,fuse-7/camel-tika=new,fsw-6/tika-core=new,brms-5/tika-core=new,brms-6/tika-core=new,bpms-6/tika-core=new,jdv-6/tika-core=new,rhn_satellite_5/tika=wontfix/impact=low |impact=moderate,public=20180919,reported=20180919,source=cve,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H,cwe=CWE-776,fedora-all/tika=affected,rhscl-3/rh-eclipse46-tika=wontfix,fis-2/tika-core=new,fuse-7/camel-tika=new,fsw-6/tika-core=wontfix,brms-5/tika-core=wontfix,brms-6/tika-core=wontfix,bpms-6/tika-core=wontfix,jdv-6/tika-core=wontfix,rhn_satellite_5/tika=wontfix/impact=low
--- Comment #7 from Chess Hazlett <chazlett(a)redhat.com> ---
FSW, BxMS, JDV are out of support scope for this level of impact. Marking
WONTFIX.
[Bug 1632466] CVE-2018-8017 tika: infinite loop in the IptcAnpaParser
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1632466
Chess Hazlett <chazlett(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=low,public=20180919,reported=20180919,source=cve,cvss3=2.5/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-835,fedora-all/tika=affected,rhscl-3/rh-eclipse46-tika=wontfix,fis-2/tika-core=new,fuse-7/camel-tika=new,fsw-6/tika-core=new,brms-5/tika-core=new,brms-6/tika-core=new,bpms-6/tika-core=new,jdv-6/tika-core=new,rhn_satellite_5/tika=notaffected |impact=low,public=20180919,reported=20180919,source=cve,cvss3=2.5/CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L,cwe=CWE-835,fedora-all/tika=affected,rhscl-3/rh-eclipse46-tika=wontfix,fis-2/tika-core=new,fuse-7/camel-tika=new,fsw-6/tika-core=wontfix,brms-5/tika-core=wontfix,brms-6/tika-core=wontfix,bpms-6/tika-core=wontfix,jdv-6/tika-core=wontfix,rhn_satellite_5/tika=notaffected
--- Comment #8 from Chess Hazlett <chazlett(a)redhat.com> ---
FSW, BxMS, JDV are out of support scope for this level of impact. Marking
WONTFIX.