[Bug 1643043] CVE-2018-15756 springframework: DoS Attack via Range Requests
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1643043
Jonathan Christison <jochrist(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |ataylor(a)redhat.com,
| |jochrist(a)redhat.com,
| |pdrozd(a)redhat.com,
| |sthorger(a)redhat.com
Whiteboard|impact=low,public=20181016, |impact=low,public=20181016,
|reported=20181016,source=in |reported=20181016,source=in
|ternet,cvss3=3.1/CVSS:3.0/A |ternet,cvss3=3.1/CVSS:3.0/A
|V:N/AC:H/PR:L/UI:N/S:U/C:N/ |V:N/AC:H/PR:L/UI:N/S:U/C:N/
|I:N/A:L,cwe=CWE-20,fedora-a |I:N/A:L,cwe=CWE-20,fedora-a
|ll/springframework=affected |ll/springframework=affected
|,rhes-3/rhevm-dependencies= |,rhes-3/rhevm-dependencies=
|notaffected,openstack-12/sp |notaffected,openstack-12/sp
|ringframework=notaffected,o |ringframework=notaffected,o
|penstack-11/springframework |penstack-11/springframework
|=notaffected,openstack-10/s |=notaffected,openstack-10/s
|pringframework=notaffected, |pringframework=notaffected,
|openstack-9/springframework |openstack-9/springframework
|=notaffected,fuse-7/springf |=notaffected,fuse-7/springf
|ramework=new,fuse-6/springf |ramework=affected,fuse-6/sp
|ramework=new,fsw-6/springfr |ringframework=new,fsw-6/spr
|amework=new,brms-5/springfr |ingframework=new,brms-5/spr
|amework=new,jdv-6/springfra |ingframework=new,jdv-6/spri
|mework=new,soap-5/springfra |ngframework=new,soap-5/spri
|mework=new,rhev-m-4/rhvm-de |ngframework=new,rhev-m-4/rh
|pendencies=notaffected |vm-dependencies=notaffected
| |,amq-7/springframework=affe
| |cted,rhsso-7/springframewor
| |k=affected
--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug 1353380] jenkins-2.176.1 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1353380
Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|jenkins-2.164.3 is available |jenkins-2.176.1 is available
--- Comment #31 from Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> ---
Latest upstream release: 2.176.1
Current version/release in rawhide: 1.651.3-10.fc30
URL: http://jenkins-ci.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/5493/
[Bug 1640615] CVE-2018-3258 mysql-connector-java: Connector/J unspecified vulnerability (CPU October 2018)
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1640615
Paramvir jindal <pjindal(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=important,public=201 |impact=important,public=201
|81017,reported=20181017,sou |81017,reported=20181017,sou
|rce=internet,cvss3=8.8/CVSS |rce=internet,cvss3=8.8/CVSS
|:3.0/AV:N/AC:L/PR:L/UI:N/S: |:3.0/AV:N/AC:L/PR:L/UI:N/S:
|U/C:H/I:H/A:H,fedora-all/my |U/C:H/I:H/A:H,fedora-all/my
|sql-connector-java=affected |sql-connector-java=affected
|,jdg-7/mysql-connector-java |,jdg-7/mysql-connector-java
|=affected,fsw-6/mysql-conne |=notaffected,fsw-6/mysql-co
|ctor-java=wontfix,fuse-7/my |nnector-java=wontfix,fuse-7
|sql-connector-java=affected |/mysql-connector-java=affec
|,rhsso-7/mysql-connector-ja |ted,rhsso-7/mysql-connector
|va=affected,rhmap-4/mysql-c |-java=notaffected,rhmap-4/m
|onnector-java=defer,rhel-6/ |ysql-connector-java=defer,r
|mysql-connector-java=wontfi |hel-6/mysql-connector-java=
|x,rhel-7/mysql-connector-ja |wontfix,rhel-7/mysql-connec
|va=affected,rhn_satellite_6 |tor-java=affected,rhn_satel
|/mysql-connector-java=affec |lite_6/mysql-connector-java
|ted |=affected
[Bug 1516064] gradle-5.5.0-RC2 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1516064
Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|gradle-5.4.1 is available |gradle-5.5.0-RC2 is available
--- Comment #36 from Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> ---
Latest upstream release: 5.5.0-RC2
Current version/release in rawhide: 4.4.1-3.fc31
URL: http://www.gradle.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/6088/
[Bug 1591929] CVE-2018-11039 springframework: Cross Site Tracing (XST) if vulnerable to XSS
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1591929
Joshua Padman <jpadman(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=low,public=20180614, |impact=low,public=20180614,
|reported=20180614,source=in |reported=20180614,source=in
|ternet,cvss3=3.7/CVSS:3.0/A |ternet,cvss3=3.7/CVSS:3.0/A
|V:N/AC:H/PR:N/UI:N/S:U/C:L/ |V:N/AC:H/PR:N/UI:N/S:U/C:L/
|I:N/A:N,cwe=CWE-648,fedora- |I:N/A:N,cwe=CWE-648,fedora-
|all/springframework=affecte |all/springframework=affecte
|d,rhes-3/rhevm-dependencies |d,rhes-3/rhevm-dependencies
|=notaffected,openstack-12/o |=notaffected,openstack-12/o
|pendaylight=wontfix,opensta |pendaylight=wontfix,opensta
|ck-11/opendaylight=wontfix, |ck-11/opendaylight=wontfix,
|openstack-10/opendaylight=w |openstack-10/opendaylight=w
|ontfix,openstack-9/opendayl |ontfix,openstack-9/opendayl
|ight=wontfix,fuse-7/springf |ight=wontfix,fuse-7/springf
|ramework=new,fuse-6/springf |ramework=notaffected,fuse-6
|ramework=new,fsw-6/springfr |/springframework=new,fsw-6/
|amework=new,brms-5/springfr |springframework=new,brms-5/
|amework=new,jdv-6/springfra |springframework=new,jdv-6/s
|mework=new,soap-5/springfra |pringframework=new,soap-5/s
|mework=new,rhev-m-4/rhvm-de |pringframework=new,rhev-m-4
|pendencies=notaffected,open |/rhvm-dependencies=notaffec
|stack-13/opendaylight=wontf |ted,openstack-13/opendaylig
|ix |ht=wontfix
--- Comment #12 from Joshua Padman <jpadman(a)redhat.com> ---
The vulnerability exists in org.springframework.web which is not a dependency of
Fuse 7. Marked as not affected.
[Bug 1591931] CVE-2018-11040 springframework: cross-domain requests via JSONP through AbstractJsonpResponseBodyAdvice
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1591931
Joshua Padman <jpadman(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Whiteboard|impact=low,public=20180614, |impact=low,public=20180614,
|reported=20180614,source=in |reported=20180614,source=in
|ternet,cvss3=3.7/CVSS:3.0/A |ternet,cvss3=3.7/CVSS:3.0/A
|V:N/AC:H/PR:N/UI:N/S:U/C:L/ |V:N/AC:H/PR:N/UI:N/S:U/C:L/
|I:N/A:N,cwe=CWE-79,fedora-a |I:N/A:N,cwe=CWE-79,fedora-a
|ll/springframework=affected |ll/springframework=affected
|,rhes-3/rhevm-dependencies= |,rhes-3/rhevm-dependencies=
|notaffected,openstack-12/op |notaffected,openstack-12/op
|endaylight=wontfix,openstac |endaylight=wontfix,openstac
|k-11/opendaylight=wontfix,o |k-11/opendaylight=wontfix,o
|penstack-10/opendaylight=wo |penstack-10/opendaylight=wo
|ntfix,openstack-9/opendayli |ntfix,openstack-9/opendayli
|ght=wontfix,fuse-7/springfr |ght=wontfix,fuse-7/springfr
|amework=new,fuse-6/springfr |amework=notaffected,fuse-6/
|amework=new,fsw-6/springfra |springframework=new,fsw-6/s
|mework=new,brms-5/springfra |pringframework=new,brms-5/s
|mework=new,jdv-6/springfram |pringframework=new,jdv-6/sp
|ework=new,soap-5/springfram |ringframework=new,soap-5/sp
|ework=new,rhev-m-4/rhvm-dep |ringframework=new,rhev-m-4/
|endencies=notaffected,opens |rhvm-dependencies=notaffect
|tack-13/opendaylight=wontfi |ed,openstack-13/opendayligh
|x |t=wontfix
--- Comment #11 from Joshua Padman <jpadman(a)redhat.com> ---
The vulnerability exists in org.springframework.web which is not a dependency of
Fuse 7. Marked as not affected.