September 2019 - java-sig-commits - Fedora Mailing-Lists

[Bug 1686872] New: jenkins-ssh-credentials-plugin-1.15 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1686872 Bug ID: 1686872 Summary: jenkins-ssh-credentials-plugin-1.15 is available Product: Fedora Version: rawhide Status: NEW Component: jenkins-ssh-credentials-plugin Keywords: FutureFeature, Triaged Assignee: msrb(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 1.15 Current version/release in rawhide: 1.11-4.fc24 URL: https://wiki.jenkins-ci.org/display/JENKINS/SSH+Credentials+Plugin Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/6328/ -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 1 month

1
3
0 / 0

[Bug 1686062] New: jenkins-matrix-project-plugin-1.14 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1686062 Bug ID: 1686062 Summary: jenkins-matrix-project-plugin-1.14 is available Product: Fedora Version: rawhide Status: NEW Component: jenkins-matrix-project-plugin Keywords: FutureFeature, Triaged Assignee: msrb(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 1.14 Current version/release in rawhide: 1.6-2.fc24 URL: https://github.com/jenkinsci/matrix-project-plugin Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/6112/ -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 1 month

1
1
0 / 0

[Bug 1685682] New: jenkins-javadoc-plugin-1.5 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1685682 Bug ID: 1685682 Summary: jenkins-javadoc-plugin-1.5 is available Product: Fedora Version: rawhide Status: NEW Component: jenkins-javadoc-plugin Keywords: FutureFeature, Triaged Assignee: msrb(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 1.5 Current version/release in rawhide: 1.3-4.fc24 URL: https://wiki.jenkins-ci.org/display/JENKINS/Javadoc+Plugin Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/6314/ -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 1 month

1
1
0 / 0

[Bug 1672856] New: jenkins-ssh-cli-auth-1.5 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1672856 Bug ID: 1672856 Summary: jenkins-ssh-cli-auth-1.5 is available Product: Fedora Version: rawhide Status: NEW Component: jenkins-ssh-cli-auth Keywords: FutureFeature, Triaged Assignee: msrb(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 1.5 Current version/release in rawhide: 1.2-8.fc24 URL: https://github.com/jenkinsci/ssh-cli-auth-module Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/6321/ -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 1 month

1
1
0 / 0

[Bug 1672740] New: jenkins-sshd-2.6 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1672740 Bug ID: 1672740 Summary: jenkins-sshd-2.6 is available Product: Fedora Version: rawhide Status: NEW Component: jenkins-sshd Keywords: FutureFeature, Triaged Assignee: msrb(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 2.6 Current version/release in rawhide: 1.6-7.fc24 URL: https://github.com/jenkinsci/sshd-module Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/6327/ -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 1 month

1
1
0 / 0

[Bug 1690417] New: Newer version of plantuml available 1.2019.3

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1690417 Bug ID: 1690417 Summary: Newer version of plantuml available 1.2019.3 Product: Fedora Version: rawhide Hardware: All OS: All Status: NEW Component: plantuml Severity: medium Assignee: jsafrane(a)redhat.com Reporter: elavarde(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, jsafrane(a)redhat.com, puntogil(a)libero.it Target Milestone: --- Classification: Fedora Description of problem: The current packaged version of plantuml is 8033 and roughly 2 years old. Since then there is a newer version 1.2019.3 and it would be nice to get it packaged. Version-Release number of selected component (if applicable): plantuml-8033-8.fc29.noarch Additional info: While you're packaging, two things to consider: - the package must depend on graphviz to work (else it fails on missing `dot`) - the Language Reference Guide should be packaged as well -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 2 months

1
5
0 / 0

[Bug 1702439] New: CVE-2019-0223 qpid-proton: TLS Man in the Middle Vulnerability

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1702439 Bug ID: 1702439 Summary: CVE-2019-0223 qpid-proton: TLS Man in the Middle Vulnerability Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=important,public=20190423,reported=20190423,sou rce=oss-security,cvss3=7.4/CVSS:3.0/AV:N/AC:H/PR:N/UI: N/S:U/C:H/I:H/A:N,cwe=CWE-295->CWE-300,fedora-all/qpid -proton-java=notaffected,amq-6/proton-j=new,fuse-6/pro ton-j=new,fuse-7/proton-j=new,vertx-3/proton-j=new,amq -7/qpid-proton=new,fedora-all/qpid-proton=notaffected, rhn_satellite_6/qpid-proton=new,cfme-5/qpid-proton=new ,openstack-7/qpid-proton=new,openstack-8/qpid-proton=n ew,openstack-14/qpid-proton=new,openstack-14-optools/q pid-proton=new,openstack-rdo/qpid-proton=affected,mrg- m-3/qpid-proton=new,rhui-3/qpid-proton=new,rhev-m-4/qp id-proton=new,amq-7/proton-j=new,mrg-m-3/qpid-proton-j ava=new Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: lpardo(a)redhat.com CC: aileenc(a)redhat.com, apevec(a)redhat.com, ataylor(a)redhat.com, avibelli(a)redhat.com, bbuckingham(a)redhat.com, bcourt(a)redhat.com, bgeorges(a)redhat.com, bkearney(a)redhat.com, bmcclain(a)redhat.com, btotty(a)redhat.com, chazlett(a)redhat.com, dajohnso(a)redhat.com, dbecker(a)redhat.com, dblechte(a)redhat.com, dfediuck(a)redhat.com, dmetzger(a)redhat.com, eedri(a)redhat.com, esammons(a)redhat.com, gblomqui(a)redhat.com, gmccullo(a)redhat.com, gtanzill(a)redhat.com, hhudgeon(a)redhat.com, iboverma(a)redhat.com, janstey(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jbalunas(a)redhat.com, jfrey(a)redhat.com, jhardy(a)redhat.com, jjoyce(a)redhat.com, jochrist(a)redhat.com, jpallich(a)redhat.com, jprause(a)redhat.com, jross(a)redhat.com, jschluet(a)redhat.com, jshepherd(a)redhat.com, kbasil(a)redhat.com, kdixon(a)redhat.com, kgiusti(a)gmail.com, krathod(a)redhat.com, lhh(a)redhat.com, lpeer(a)redhat.com, lthon(a)redhat.com, mburns(a)redhat.com, mcressma(a)redhat.com, messaging-bugs(a)redhat.com, mgoldboi(a)redhat.com, michal.skrivanek(a)redhat.com, mmccune(a)redhat.com, mszynkie(a)redhat.com, obarenbo(a)redhat.com, pgallagh(a)redhat.com, puntogil(a)libero.it, rchan(a)redhat.com, rhos-maint(a)redhat.com, rjerrido(a)redhat.com, roliveri(a)redhat.com, rrajasek(a)redhat.com, rruss(a)redhat.com, sbonazzo(a)redhat.com, sclewis(a)redhat.com, sherold(a)redhat.com, simaishi(a)redhat.com, slinaber(a)redhat.com, tjay(a)redhat.com, trogers(a)redhat.com Target Milestone: --- Classification: Other The TLS support in Apache Qpid Proton 0.9 - 0.27.0 when using OpenSSL prior to 1.1.0 can under some circumstances connect as a client to a TLS server that offers anonymous ciphers irrespective of whether the client was configured to verify the server's certificate or certificate against the hostname used to connect. This means that an undetected man in the middle attack could be constructed if an attacker can arrange to intercept TLS traffic. This includes the Qpid Proton C library, and all language binding libraries using it. This attack will not work if client certificate authentication is in use as anonymous ciphers cannot be used in this case. References: https://issues.apache.org/jira/browse/PROTON-2014 https://qpid.apache.org/cves/CVE-2019-0223.html Upstream Patch: https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=97c7733 https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=159fac1 https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=4aea0fd https://gitbox.apache.org/repos/asf?p=qpid-proton.git;h=2d3ba8a -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 4 months

1
67
0 / 0

[Bug 1703402] New: CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1703402 Bug ID: 1703402 Summary: CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=moderate,public=20190423,reported=20190424,sour ce=cve,cvss3=6.3/CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/ I:H/A:H,cwe=CWE-843,fedora-all/mysql-connector-java=no taffected,openshift-enterprise-3/mysql-connector-java= new,fsw-6/mysql-connector-java=new,fuse-7/mysql-connec tor-java=new,rhel-6/mysql-connector-java=new,rhel-7/my sql-connector-java=new,rhn_satellite_6/mysql-connector -java=new Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: darunesh(a)redhat.com CC: ahardin(a)redhat.com, aileenc(a)redhat.com, bbuckingham(a)redhat.com, bcourt(a)redhat.com, bkearney(a)redhat.com, bleanhar(a)redhat.com, btotty(a)redhat.com, ccoleman(a)redhat.com, chazlett(a)redhat.com, databases-maint(a)redhat.com, dedgar(a)redhat.com, eparis(a)redhat.com, gvarsami(a)redhat.com, hhorak(a)redhat.com, hhudgeon(a)redhat.com, janstey(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jcoleman(a)redhat.com, jgoulding(a)redhat.com, jjanco(a)redhat.com, jochrist(a)redhat.com, jokerman(a)redhat.com, kconner(a)redhat.com, ldimaggi(a)redhat.com, mchappel(a)redhat.com, mmccune(a)redhat.com, mmuzila(a)redhat.com, mschorm(a)redhat.com, nwallace(a)redhat.com, puntogil(a)libero.it, rchan(a)redhat.com, rjerrido(a)redhat.com, rwagner(a)redhat.com, steve.traylen(a)cern.ch, tcunning(a)redhat.com, tkirby(a)redhat.com, xjakub(a)fi.muni.cz Target Milestone: --- Classification: Other Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. Reference: http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 4 months

1
10
0 / 0

[Bug 1756388] New: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1756388 Bug ID: 1756388 Summary: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: csutherl(a)redhat.com, dan(a)danieljamesscott.org, decathorpe(a)gmail.com, gzaronik(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jclere(a)redhat.com, jjelen(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk, mbabacek(a)redhat.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, myarboro(a)redhat.com, twalsh(a)redhat.com, weli(a)redhat.com Target Milestone: --- Classification: Other The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. References: https://github.com/gradle/gradle/issues/10278 https://github.com/gradle/gradle/pull/10176 https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95 -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 4 months

1
8
0 / 0

[Bug 1756390] New: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host [epel-6]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1756390 Bug ID: 1756390 Summary: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host [epel-6] Product: Fedora EPEL Version: el6 Status: NEW Component: gradle Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mizdebsk(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dan(a)danieljamesscott.org, java-sig-commits(a)lists.fedoraproject.org, lkundrak(a)v3.sk, mizdebsk(a)redhat.com, msimacek(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-6. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

3 years, 4 months

1
5
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits September 2019