July 2019 - java-sig-commits - Fedora Mailing-Lists

[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1528565 --- Comment #37 from errata-xmlrpc <errata-xmlrpc(a)redhat.com> --- This issue has been addressed in the following products: Red Hat JBoss BRMS 6.4.12 Via RHSA-2019:1782 https://access.redhat.com/errata/RHSA-2019:1782 -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 9 months

1
0
0 / 0

[Bug 1528565] CVE-2017-17485 jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)

by bugzilla＠redhat.com

4 years, 9 months

1
0
0 / 0

[Bug 1709686] New: apache-resource-bundles-30 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1709686 Bug ID: 1709686 Summary: apache-resource-bundles-30 is available Product: Fedora Version: rawhide Status: NEW Component: apache-resource-bundles Keywords: FutureFeature, Triaged Assignee: stewardship-sig(a)lists.fedoraproject.org Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mefoster(a)gmail.com, mhroncok(a)redhat.com, mizdebsk(a)redhat.com, sochotni(a)redhat.com, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Latest upstream release: 30 Current version/release in rawhide: 2-22.fc30 URL: https://maven.apache.org/apache-resource-bundles/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/90/ -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 9 months

1
1
0 / 0

[Bug 1294378] apache-commons-jexl-3.1 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1294378 Fabio Valentini <decathorpe(a)gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED CC| |decathorpe(a)gmail.com Resolution|--- |NOTABUG Last Closed| |2019-07-15 12:10:16 --- Comment #9 from Fabio Valentini <decathorpe(a)gmail.com> --- As far as I can tell, the artifact ID has changed from commons-jexl to commons-jexl3 with the bump to version 3.0. So I think version 3+ should be packaged separately, if a package for version 3+ is ever needed - similar to separate packages, for example, for commons-collections vs. commons-collections4, and commons-configuration vs. commons-configuration2. Which is why I'm closing this as NOTABUG for now (please correct me if I'm wrong). -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 9 months

1
0
0 / 0

[Bug 1579611] CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1579611 --- Comment #22 from Doran Moppert <dmoppert(a)redhat.com> --- Mitigation: When using the CORS filter, it is recommended to configure it explicitly for your environment. In particular, the combination of `cors.allowed.origins = *` and `cors.support.credentials = True` should be avoided as this can leave your application vulnerable to cross-site scripting (XSS). For details on configuring CORS filter, please refer to https://tomcat.apache.org/tomcat-7.0-doc/config/filter.html#CORS_Filter -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 9 months

1
0
0 / 0

[Bug 1726401] New: apache-commons-daemon-1.2.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1726401 Bug ID: 1726401 Summary: apache-commons-daemon-1.2.0 is available Product: Fedora Version: rawhide Status: NEW Component: apache-commons-daemon Keywords: FutureFeature, Triaged Assignee: fdc(a)fcami.net Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: dmoluguw(a)redhat.com, fdc(a)fcami.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, SpikeFedora(a)gmail.com, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Latest upstream release: 1.2.0 Current version/release in rawhide: 1.0.15-19.fc30 URL: http://www.apache.org/dist/commons/daemon/source/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/64/ -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 9 months

1
1
0 / 0

[Bug 1705867] New: log4j fails to install on i686 and armv7hl in Fedora 30 and rawhide

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1705867 Bug ID: 1705867 Summary: log4j fails to install on i686 and armv7hl in Fedora 30 and rawhide Product: Fedora Version: 30 Status: NEW Component: log4j Severity: high Priority: high Assignee: decathorpe(a)gmail.com Reporter: mattias.ellert(a)physics.uu.se QA Contact: extras-qa(a)fedoraproject.org CC: dbhole(a)redhat.com, decathorpe(a)gmail.com, devrim(a)gunduz.org, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, sochotni(a)redhat.com, stewardship-sig(a)lists.fedoraproject.org Blocks: 1700323 (F30FailsToInstall) Target Milestone: --- Classification: Fedora Description of problem: log4j fails to install due to missing dependencies on i686 and armv7hl: DEBUG util.py:439: Last metadata expiration check: 0:00:00 ago on Fri May 3 04:28:56 2019. DEBUG util.py:439: Error: DEBUG util.py:439: Problem: package log4j-2.11.1-3.fc30.noarch requires mvn(org.eclipse.persistence:javax.persistence), but none of the providers can be installed DEBUG util.py:439: - conflicting requests DEBUG util.py:439: - nothing provides mvn(org.eclipse.osgi:org.eclipse.osgi) needed by eclipselink-persistence-api-2.1.0-7.fc30.noarch DEBUG util.py:577: Child return code was: 1 This is a regression from Fedora 29 where the package is installable on all architectures. Version-Release number of selected component (if applicable): log4j-2.11.1-3.fc30.noarch How reproducible: Always Steps to Reproduce: 1. Try to install log4j on i686 or armv7hl Actual results: Installation fails due to missing dependencies Expected results: Successful installation Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1700323 [Bug 1700323] Fedora 30 Fails To install Tracker -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 9 months

1
9
0 / 0

[Bug 1699352] New: aqute-bnd: FTBFS in Fedora rawhide

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1699352 Bug ID: 1699352 Summary: aqute-bnd: FTBFS in Fedora rawhide Product: Fedora Version: rawhide URL: http://apps.fedoraproject.org/koschei/package/aqute-bn d Status: NEW Component: aqute-bnd Keywords: Patch Assignee: stewardship-sig(a)lists.fedoraproject.org Reporter: mizdebsk(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mhroncok(a)redhat.com, mizdebsk(a)redhat.com, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Description of problem: Package aqute-bnd fails to build from source in Fedora rawhide. Patch is available at https://src.fedoraproject.org/fork/mbi/rpms/aqute-bnd/c/9dc6e1b Version-Release number of selected component (if applicable): 3.5.0-5.fc30 Steps to Reproduce: koji build --scratch f31 aqute-bnd-3.5.0-5.fc30.src.rpm Additional info: This package is tracked by Koschei. See: http://apps.fedoraproject.org/koschei/package/aqute-bnd -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 9 months

1
5
0 / 0

[Bug 1462702] CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper

by bugzilla＠redhat.com

4 years, 9 months

1
0
0 / 0

[Bug 1650958] jogl2-2.3.2-8.fc29.x86_64 cause scilab's plot error.

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1650958 --- Comment #2 from f.pasquarelli(a)dmf.unicatt.it --- The problem is related to the patch "jogl2-mesa-profile-detection.patch" added to solve another bug, if I remove the patch the plot is OK. P.S: the problem appears moreover if I use scilab on a remote machine through a ssh -X -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 9 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits July 2019