[Bug 1749536] New: hamcrest-2.2-rc1 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1749536
Bug ID: 1749536
Summary: hamcrest-2.2-rc1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: hamcrest
Keywords: FutureFeature, Triaged
Assignee: dwalluck(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, dwalluck(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 2.2-rc1
Current version/release in rawhide: 1.3-26.fc31
URL: https://github.com/hamcrest/JavaHamcrest
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/1293/
--
You are receiving this mail because:
You are on the CC list for the bug.
3 years, 11 months
[Bug 1692150] New: bcel-6.3.1 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1692150
Bug ID: 1692150
Summary: bcel-6.3.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: bcel
Keywords: FutureFeature, Triaged
Assignee: extras-orphan(a)fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: agrimm(a)gmail.com, extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, richardfearn(a)gmail.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 6.3.1
Current version/release in rawhide: 6.2-4.fc30
URL: http://www.apache.org/dist/commons/bcel/source/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/171/
--
You are receiving this mail because:
You are on the CC list for the bug.
3 years, 11 months
[Bug 1699465] New: maven-3.6.1 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1699465
Bug ID: 1699465
Summary: maven-3.6.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: maven
Keywords: FutureFeature, Triaged
Assignee: stewardship-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, jamielinux(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mhroncok(a)redhat.com, mizdebsk(a)redhat.com,
msrb(a)redhat.com, sochotni(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Latest upstream release: 3.6.1
Current version/release in rawhide: 3.5.4-7.fc30
URL: https://maven.apache.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/1894/
--
You are receiving this mail because:
You are on the CC list for the bug.
3 years, 11 months
[Bug 1813855] New: tomcat-9.0.33 is available
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1813855
Bug ID: 1813855
Summary: tomcat-9.0.33 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: tomcat
Keywords: FutureFeature, Triaged
Assignee: ivan.afonichev(a)gmail.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: alee(a)redhat.com, coolsvap(a)gmail.com,
csutherl(a)redhat.com, ivan.afonichev(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
krzysztof.daniel(a)gmail.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 9.0.33
Current version/release in rawhide: 9.0.31-1.fc33
URL: http://tomcat.apache.org/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/17032/
--
You are receiving this mail because:
You are on the CC list for the bug.
3 years, 11 months
[Bug 1819092] New: CVE-2020-2134 jenkins-script-security-plugin: jenkins-2-plugins: sandbox protection bypass via crafted constructor calls and crafted constructor bodies [fedora-30]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1819092
Bug ID: 1819092
Summary: CVE-2020-2134 jenkins-script-security-plugin:
jenkins-2-plugins: sandbox protection bypass via
crafted constructor calls and crafted constructor
bodies [fedora-30]
Product: Fedora
Version: 30
Status: NEW
Component: jenkins-script-security-plugin
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: extras-orphan(a)fedoraproject.org
Reporter: darunesh(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-30.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
--
You are receiving this mail because:
You are on the CC list for the bug.
3 years, 11 months
[Bug 1819079] New: CVE-2020-2135 jenkins-script-security-plugin: jenkins-2-plugins: sandbox protection bypass leads to arbitrary code execution [fedora-30]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1819079
Bug ID: 1819079
Summary: CVE-2020-2135 jenkins-script-security-plugin:
jenkins-2-plugins: sandbox protection bypass leads to
arbitrary code execution [fedora-30]
Product: Fedora
Version: 30
Status: NEW
Component: jenkins-script-security-plugin
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: extras-orphan(a)fedoraproject.org
Reporter: darunesh(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-30.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
--
You are receiving this mail because:
You are on the CC list for the bug.
3 years, 11 months
[Bug 1819094] New: CVE-2020-2110 jenkins-script-security-plugin: jenkins-2-plugins: sandbox protection bypass during script compilation phase by applying AST transforming annotations [fedora-30]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1819094
Bug ID: 1819094
Summary: CVE-2020-2110 jenkins-script-security-plugin:
jenkins-2-plugins: sandbox protection bypass during
script compilation phase by applying AST transforming
annotations [fedora-30]
Product: Fedora
Version: 30
Status: NEW
Component: jenkins-script-security-plugin
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: extras-orphan(a)fedoraproject.org
Reporter: darunesh(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-30.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
--
You are receiving this mail because:
You are on the CC list for the bug.
3 years, 11 months
[Bug 1764751] New: CVE-2019-7619 elasticsearch: Username disclosure in API Key service
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1764751
Bug ID: 1764751
Summary: CVE-2019-7619 elasticsearch: Username disclosure in
API Key service
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, aos-bugs(a)redhat.com,
bazanluis20(a)gmail.com, bmontgom(a)redhat.com,
bobjensen(a)gmail.com, chazlett(a)redhat.com,
drieden(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, ggaughan(a)redhat.com,
ibek(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcantril(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jstastny(a)redhat.com, jvanek(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
mnovotny(a)redhat.com, nstielau(a)redhat.com,
pahan(a)hubbitus.info, paradhya(a)redhat.com,
rmeggins(a)redhat.com, rrajasek(a)redhat.com,
rsynek(a)redhat.com, sdaley(a)redhat.com,
sponnaga(a)redhat.com, zbyszek(a)in.waw.pl
Target Milestone: ---
Classification: Other
A username disclosure flaw was found in Elasticsearch’s API Key service. An
unauthenticated attacker could send a specially crafted request and determine
if a username exists in the Elasticsearch native realm.
References:
https://discuss.elastic.co/t/elastic-stack-6-8-4-security-update/204908
--
You are receiving this mail because:
You are on the CC list for the bug.
3 years, 11 months