[Bug 1410481] CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1410481
Kunjan Rathod <krathod(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |asoldano(a)redhat.com,
| |brian.stansberry(a)redhat.com
| |, iweiss(a)redhat.com,
| |jkurik(a)redhat.com,
| |jperkins(a)redhat.com,
| |krathod(a)redhat.com,
| |kwills(a)redhat.com,
| |msochure(a)redhat.com,
| |msvehla(a)redhat.com,
| |pmackay(a)redhat.com,
| |rguimara(a)redhat.com,
| |smaestri(a)redhat.com,
| |tom.jenkinson(a)redhat.com
Whiteboard|impact=moderate,public=2017 |impact=moderate,public=2017
|0926,reported=20170105,sour |0926,reported=20170105,sour
|ce=redhat,cvss3=6.5/CVSS:3. |ce=redhat,cvss3=6.5/CVSS:3.
|0/AV:N/AC:L/PR:L/UI:N/S:U/C |0/AV:N/AC:L/PR:L/UI:N/S:U/C
|:H/I:N/A:N,cwe=CWE-201,bpms |:H/I:N/A:N,cwe=CWE-201,bpms
|-6/picketlink-idm-core=nota |-6/picketlink-idm-core=nota
|ffected,brms-6/picketlink-i |ffected,brms-6/picketlink-i
|dm-core=notaffected,jdg-6/p |dm-core=notaffected,jdg-6/p
|icketlink-idm-impl=notaffec |icketlink-idm-impl=notaffec
|ted,jdg-6/picketlink-impl=n |ted,jdg-6/picketlink-impl=n
|otaffected,eap-6/picketlink |otaffected,eap-6/picketlink
|-idm-impl=new,eap-6/picketl |-idm-impl=new,eap-6/picketl
|ink-impl=affected,eap-7/pic |ink-impl=affected,eap-7/pic
|ketlink-idm-impl=notaffecte |ketlink-idm-impl=notaffecte
|d,eap-7/picketlink-impl=aff |d,eap-7/picketlink,
|ected,jon-3/picketlink-idm- |keycloak=affected,jon-3/pic
|impl=notaffected,jon-3/pick |ketlink-idm-impl=notaffecte
|etlink-impl=notaffected,jpp |d,jon-3/picketlink-impl=not
|-6/picketlink-idm-impl=wont |affected,jpp-6/picketlink-i
|fix,jpp-6/picketlink-impl=w |dm-impl=wontfix,jpp-6/picke
|ontfix,rhsso-7/picketlink-i |tlink-impl=wontfix,rhsso-7/
|dm-impl=notaffected,rhsso-7 |picketlink-idm-impl=notaffe
|/picketlink-impl=notaffecte |cted,rhsso-7/picketlink-imp
|d,rhsso-7/keycloak-saml-cor |l=notaffected,rhsso-7/keycl
|e=notaffected,rhsso-7/keycl |oak-saml-core=notaffected,r
|oak-core=notaffected,rhmap- |hsso-7/keycloak-core=notaff
|4/keycloak-core=notaffected |ected,rhmap-4/keycloak-core
|,fedora-all/picketlink=affe |=notaffected,fedora-all/pic
|cted,fuse-6/switchyard=nota |ketlink=affected,fuse-6/swi
|ffected |tchyard=notaffected
--
You are receiving this mail because:
You are on the CC list for the bug.
4 years, 10 months
[Bug 1410481] CVE-2017-2582 picketlink, keycloak: SAML request parser replaces special strings with system properties
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1410481
Kunjan Rathod <krathod(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2017 |impact=moderate,public=2017
|0926,reported=20170105,sour |0926,reported=20170105,sour
|ce=redhat,cvss3=6.5/CVSS:3. |ce=redhat,cvss3=6.5/CVSS:3.
|0/AV:N/AC:L/PR:L/UI:N/S:U/C |0/AV:N/AC:L/PR:L/UI:N/S:U/C
|:H/I:N/A:N,cwe=CWE-201,bpms |:H/I:N/A:N,cwe=CWE-201,bpms
|-6/picketlink-idm-core=nota |-6/picketlink-idm-core=nota
|ffected,brms-6/picketlink-i |ffected,brms-6/picketlink-i
|dm-core=notaffected,jdg-6/p |dm-core=notaffected,jdg-6/p
|icketlink-idm-impl=notaffec |icketlink-idm-impl=notaffec
|ted,jdg-6/picketlink-impl=n |ted,jdg-6/picketlink-impl=n
|otaffected,eap-6/picketlink |otaffected,eap-6/picketlink
|-idm-impl=new,eap-6/picketl |-idm-impl=new,eap-6/picketl
|ink-impl=affected,eap-7/pic |ink-impl=affected,eap-7/pic
|ketlink-idm-impl=new,eap-7/ |ketlink-idm-impl=notaffecte
|picketlink-impl=affected,jo |d,eap-7/picketlink-impl=aff
|n-3/picketlink-idm-impl=not |ected,jon-3/picketlink-idm-
|affected,jon-3/picketlink-i |impl=notaffected,jon-3/pick
|mpl=notaffected,jpp-6/picke |etlink-impl=notaffected,jpp
|tlink-idm-impl=wontfix,jpp- |-6/picketlink-idm-impl=wont
|6/picketlink-impl=wontfix,r |fix,jpp-6/picketlink-impl=w
|hsso-7/picketlink-idm-impl= |ontfix,rhsso-7/picketlink-i
|notaffected,rhsso-7/picketl |dm-impl=notaffected,rhsso-7
|ink-impl=notaffected,rhsso- |/picketlink-impl=notaffecte
|7/keycloak-saml-core=notaff |d,rhsso-7/keycloak-saml-cor
|ected,rhsso-7/keycloak-core |e=notaffected,rhsso-7/keycl
|=notaffected,rhmap-4/keyclo |oak-core=notaffected,rhmap-
|ak-core=notaffected,fedora- |4/keycloak-core=notaffected
|all/picketlink=affected,fus |,fedora-all/picketlink=affe
|e-6/switchyard=notaffected |cted,fuse-6/switchyard=nota
| |ffected
4 years, 10 months
[Bug 1516064] gradle-5.5.0-RC3 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1516064
Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|gradle-5.4.1 is available |gradle-5.5.0-RC3 is
| |available
--- Comment #37 from Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> ---
Latest upstream release: 5.5.0-RC3
Current version/release in rawhide: 4.4.1-3.fc31
URL: http://www.gradle.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/6088/
4 years, 10 months
[Bug 1622774] CVE-2018-8006 activemq: Cross-site scripting (XSS) via QueueFilter parameter
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1622774
Chess Hazlett <chazlett(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |security-response-team@redh
| |at.com
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
|0824,reported=20180828,sour |0824,reported=20180828,sour
|ce=internet,cvss3=6.1/CVSS: |ce=internet,cvss3=6.1/CVSS:
|3.0/AV:N/AC:L/PR:N/UI:R/S:C |3.0/AV:N/AC:L/PR:N/UI:R/S:C
|/C:L/I:L/A:N,cwe=CWE-79,fed |/C:L/I:L/A:N,cwe=CWE-79,fed
|ora-all/activemq=affected,j |ora-all/activemq=affected,j
|bds-11/activemq=new,amq-6/a |bds-11/activemq=new,amq-6/a
|ctivemq=new,jdg-7/activemq- |ctivemq=new,jdg-7/activemq-
|artemis=new,eap-7/activemq- |artemis=new,eap-7/activemq-
|artemis=notaffected,fsw-6/a |artemis=notaffected,fsw-6/a
|ctivemq=new,fuse-6/activemq |ctivemq=new,fuse-6/activemq
|=new,fuse-7/activemq=new,rh |=new,fuse-7/activemq=affect
|dm-7/activemq-artemis=new,r |ed,rhdm-7/activemq-artemis=
|hpam-7/activemq-artemis=new |new,rhpam-7/activemq-artemi
|,rhsso-7/activemq-artemis=n |s=new,rhsso-7/activemq-arte
|ew,rhev-m-4/eap7-activemq-a |mis=new,rhev-m-4/eap7-activ
|rtemis=notaffected |emq-artemis=notaffected
Flags|needinfo?(chazlett(a)redhat.c |needinfo?(security-response
|om) |-team(a)redhat.com)
4 years, 10 months
[Bug 1550671] CVE-2018-1067 undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1550671
Paramvir jindal <pjindal(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
|0425:1751,reported=20180301 |0425:1751,reported=20180301
|,source=researcher,cvss2=5. |,source=researcher,cvss2=5.
|8/AV:N/AC:M/Au:N/C:P/I:P/A: |8/AV:N/AC:M/Au:N/C:P/I:P/A:
|N,cvss3=5.4/CVSS:3.0/AV:N/A |N,cvss3=5.4/CVSS:3.0/AV:N/A
|C:L/PR:N/UI:R/S:U/C:L/I:L/A |C:L/PR:N/UI:R/S:U/C:L/I:L/A
|:N,cwe=CWE-113,fedora-all/w |:N,cwe=CWE-113,fedora-all/w
|ildfly=affected,eap-6/jboss |ildfly=affected,eap-6/jboss
|web=notaffected,eap-7/under |web=notaffected,eap-7/under
|tow=affected,openshift-1/jb |tow=affected,openshift-1/jb
|ossweb=affected,rhel-6/tomc |ossweb=affected,rhel-6/tomc
|at6=notaffected,rhel-7/tomc |at6=notaffected,rhel-7/tomc
|at=notaffected,jbews-2/tomc |at=notaffected,jbews-2/tomc
|at7=notaffected,jbews-2/tom |at7=notaffected,jbews-2/tom
|cat6=notaffected,eap-7/wild |cat6=notaffected,eap-7/wild
|fly=notaffected,jdg-7/wildf |fly=notaffected,jdg-7/wildf
|ly=new,rhev-m-4/eap7-wildfl |ly=notaffected,rhev-m-4/eap
|y=notaffected,rhsso-7/wildf |7-wildfly=notaffected,rhsso
|ly=new,jdg-6/jbossweb=notaf |-7/wildfly=notaffected,jdg-
|fected,eap-5/jbossweb=notaf |6/jbossweb=notaffected,eap-
|fected,brms-5/jbossweb=wont |5/jbossweb=notaffected,brms
|fix,soap-5/jbossweb=wontfix |-5/jbossweb=wontfix,soap-5/
|,fsw-6/jbossweb=wontfix,fus |jbossweb=wontfix,fsw-6/jbos
|e-6/jbossweb=wontfix,fedora |sweb=wontfix,fuse-6/jbosswe
|-all/tomcat=affected,epel-6 |b=wontfix,fedora-all/tomcat
|/tomcat=notaffected,rhel-5/ |=affected,epel-6/tomcat=not
|tomcat5=notaffected,rhel-8/ |affected,rhel-5/tomcat5=not
|pki-servlet-container=notaf |affected,rhel-8/pki-servlet
|fected,rhscl-3/rh-java-comm |-container=notaffected,rhsc
|on-tomcat=notaffected,swarm |l-3/rh-java-common-tomcat=n
|-7/undertow=affected,fedora |otaffected,swarm-7/undertow
|-all/undertow=affected,rhev |=affected,fedora-all/undert
|-m-4/eap7-undertow=affected |ow=affected,rhev-m-4/eap7-u
| |ndertow=affected
4 years, 10 months
[Bug 1629083] CVE-2018-11775 activemq: ActiveMQ Client Missing TLS Hostname Verification
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1629083
Joshua Padman <jpadman(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=moderate,public=2018 |impact=moderate,public=2018
|0910,reported=20180914,sour |0910,reported=20180914,sour
|ce=cve,cvss3=6.8/CVSS:3.0/A |ce=cve,cvss3=6.8/CVSS:3.0/A
|V:N/AC:H/PR:N/UI:R/S:U/C:H/ |V:N/AC:H/PR:N/UI:R/S:U/C:H/
|I:H/A:N,fedora-all/activemq |I:H/A:N,fedora-all/activemq
|=affected,jbds-11/activemq= |=affected,jbds-11/activemq=
|new,amq-6/activemq=affected |new,amq-6/activemq=wontfix,
|,jdg-7/activemq-artemis=not |jdg-7/activemq-artemis=nota
|affected,eap-7/activemq-art |ffected,eap-7/activemq-arte
|emis=notaffected,fsw-6/acti |mis=notaffected,fsw-6/activ
|vemq=new,fuse-6/activemq=af |emq=new,fuse-6/activemq=aff
|fected,fuse-7/activemq=affe |ected,fuse-7/activemq=affec
|cted,rhdm-7/activemq-artemi |ted,rhdm-7/activemq-artemis
|s=notaffected,rhpam-7/activ |=notaffected,rhpam-7/active
|emq-artemis=notaffected,rhs |mq-artemis=notaffected,rhss
|so-7/activemq-artemis=notaf |o-7/activemq-artemis=notaff
|fected,rhev-m-4/eap7-active |ected,rhev-m-4/eap7-activem
|mq-artemis=notaffected |q-artemis=notaffected
4 years, 10 months