March 2020 - java-sig-commits - Fedora Mailing-Lists

[Bug 1370262] catalina.out is no longer in use in the main package, but still gets rotated

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1370262 Bug 1370262 depends on bug 1370261, which changed state. Bug 1370261 Summary: catalina.out is no longer in use, but still gets rotated https://bugzilla.redhat.com/show_bug.cgi?id=1370261 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |WONTFIX -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 2 months

1
0
0 / 0

[Bug 1815470] CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1815470 --- Comment #9 from Ted (Jong Seok) Won <jwon(a)redhat.com> --- This vulnerability is out of security support scope for the following product: * Red Hat Enterprise Application Platform 6 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 2 months

1
0
0 / 0

[Bug 1815470] CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1815470 --- Comment #8 from Ted (Jong Seok) Won <jwon(a)redhat.com> --- EAP 7.2.7 and EAP-CD 18 are affected, but EAP 7.3.0 is not affected. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 2 months

1
0
0 / 0

[Bug 1781214] New: CVE-2019-17632 jetty: generation of default unhandled error response content does not escape exception messages in stacktraces included in error output

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1781214 Bug ID: 1781214 Summary: CVE-2019-17632 jetty: generation of default unhandled error response content does not escape exception messages in stacktraces included in error output Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: aboyko(a)redhat.com, aileenc(a)redhat.com, bkearney(a)redhat.com, chazlett(a)redhat.com, drieden(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, ggaughan(a)redhat.com, gvarsami(a)redhat.com, hhorak(a)redhat.com, janstey(a)redhat.com, java-maint(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jcoleman(a)redhat.com, jjohnstn(a)redhat.com, jochrist(a)redhat.com, jorton(a)redhat.com, jwon(a)redhat.com, kconner(a)redhat.com, krathod(a)redhat.com, krzysztof.daniel(a)gmail.com, ldimaggi(a)redhat.com, mat.booth(a)redhat.com, mizdebsk(a)redhat.com, nwallace(a)redhat.com, pdrozd(a)redhat.com, pjindal(a)redhat.com, rwagner(a)redhat.com, sochotni(a)redhat.com, sthorger(a)redhat.com, tcunning(a)redhat.com, tkirby(a)redhat.com, tlestach(a)redhat.com Target Milestone: --- Classification: Other In Eclipse Jetty versions 9.4.21.v20190926, 9.4.22.v20191022, and 9.4.23.v20191118, the generation of default unhandled Error response content (in text/html and text/json Content-Type) does not escape Exception messages in stacktraces included in error output. Reference: https://bugs.eclipse.org/bugs/show_bug.cgi?id=553443 -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 2 months

1
8
0 / 0

[Bug 1815470] CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1815470 Jason Shepherd <jshepherd(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1818661, 1818662 -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 2 months

1
0
0 / 0

[Bug 1815470] CVE-2020-10673 jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1815470 --- Comment #5 from Jason Shepherd <jshepherd(a)redhat.com> --- Statement: Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform's OpenDaylight. While OpenShift Container Platform's elasticsearch plugins do ship the vulnerable component, it doesn't do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 2 months

1
0
0 / 0

[Bug 1504563] CVE-2017-12628 apache-james-project: Java deserialization in the JMX server [epel-7]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1504563 Fedora Admin XMLRPC Client <fedora-admin-xmlrpc(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|extras-orphan@fedoraproject |lef(a)fedoraproject.org |.org | --- Comment #3 from Fedora Admin XMLRPC Client <fedora-admin-xmlrpc(a)redhat.com> --- This package has changed maintainer in the Fedora. Reassigning to the new maintainer of this component. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 3 months

1
0
0 / 0

[Bug 1504563] CVE-2017-12628 apache-james-project: Java deserialization in the JMX server [epel-7]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1504563 Fedora Admin XMLRPC Client <fedora-admin-xmlrpc(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|lef(a)fedoraproject.org |extras-orphan@fedoraproject | |.org --- Comment #2 from Fedora Admin XMLRPC Client <fedora-admin-xmlrpc(a)redhat.com> --- This package has changed maintainer in the Fedora. Reassigning to the new maintainer of this component. -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 3 months

1
0
0 / 0

[Bug 1592954] javamail-2.0.0-RC4 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1592954 Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|javamail-2.0.0-RC3 is |javamail-2.0.0-RC4 is |available |available --- Comment #7 from Upstream Release Monitoring <upstream-release-monitoring(a)fedoraproject.org> --- Latest upstream release: 2.0.0-RC4 Current version/release in rawhide: 1.5.2-11.fc32 URL: https://eclipse-ee4j.github.io/mail/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/1428/ -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 3 months

1
0
0 / 0

[Bug 1818160] New: javacc-maven-plugin-7.0.5 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1818160 Bug ID: 1818160 Summary: javacc-maven-plugin-7.0.5 is available Product: Fedora Version: rawhide Status: NEW Component: javacc-maven-plugin Keywords: FutureFeature, Triaged Assignee: stewardship-sig(a)lists.fedoraproject.org Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, decathorpe(a)gmail.com, jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Latest upstream release: 7.0.5 Current version/release in rawhide: 2.6-29.fc32 URL: http://svn.codehaus.org/mojo/tags/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/1423/ -- You are receiving this mail because: You are on the CC list for the bug.

4 years, 3 months

1
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits March 2020