November 2021 - java-sig-commits - Fedora Mailing-Lists

[Bug 1974891] New: CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1974891 Bug ID: 1974891 Summary: CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: abenaiss(a)redhat.com, aileenc(a)redhat.com, aos-bugs(a)redhat.com, ataylor(a)redhat.com, bibryam(a)redhat.com, bmontgom(a)redhat.com, chazlett(a)redhat.com, dbecker(a)redhat.com, drieden(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, eparis(a)redhat.com, eric.wittmann(a)redhat.com, ggaughan(a)redhat.com, gmalinko(a)redhat.com, hbraun(a)redhat.com, janstey(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jburrell(a)redhat.com, jjohnstn(a)redhat.com, jjoyce(a)redhat.com, jkang(a)redhat.com, jnethert(a)redhat.com, jochrist(a)redhat.com, jokerman(a)redhat.com, jross(a)redhat.com, jschluet(a)redhat.com, jwon(a)redhat.com, krzysztof.daniel(a)gmail.com, lhh(a)redhat.com, lpeer(a)redhat.com, mat.booth(a)gmail.com, mburns(a)redhat.com, mizdebsk(a)redhat.com, mkolesni(a)redhat.com, nstielau(a)redhat.com, pantinor(a)redhat.com, pbhattac(a)redhat.com, sclewis(a)redhat.com, scohen(a)redhat.com, sd-operator-metering(a)redhat.com, slinaber(a)redhat.com, sochotni(a)redhat.com, sponnaga(a)redhat.com, swoodman(a)redhat.com, tflannag(a)redhat.com, vbobade(a)redhat.com Target Milestone: --- Classification: Other For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in. Reference: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m6cp-vx... -- You are receiving this mail because: You are on the CC list for the bug.

2 years

1
26
0 / 0

[Bug 1974892] New: CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1974892 Bug ID: 1974892 Summary: CVE-2021-34428 jetty: SessionListener can prevent a session from being invalidated breaking logout [fedora-all] Product: Fedora Version: 34 Status: NEW Component: jetty Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: mat.booth(a)gmail.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com, mat.booth(a)gmail.com, mizdebsk(a)redhat.com, sochotni(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

2 years

1
4
0 / 0

[Bug 1973416] New: CVE-2021-33813 javapackages-tools: jdom: XXE allows attackers to cause a DoS via a crafted HTTP request [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1973416 Bug ID: 1973416 Summary: CVE-2021-33813 javapackages-tools: jdom: XXE allows attackers to cause a DoS via a crafted HTTP request [fedora-all] Product: Fedora Version: 34 Status: NEW Component: javapackages-tools Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mizdebsk(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mat.booth(a)gmail.com, mizdebsk(a)redhat.com, msrb(a)redhat.com, sochotni(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

2 years

1
6
0 / 0

[Bug 1971017] New: CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1971017 Bug ID: 1971017 Summary: CVE-2021-28169 jetty: requests to the ConcatServlet and WelcomeFilter are able to access protected resources within the WEB-INF directory [fedora-all] Product: Fedora Version: 34 Status: NEW Component: jetty Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mat.booth(a)gmail.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com, mat.booth(a)gmail.com, mizdebsk(a)redhat.com, sochotni(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

2 years

1
4
0 / 0

[Bug 1923445] New: httpunit: FTBFS in Fedora rawhide/f34

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1923445 Bug ID: 1923445 Summary: httpunit: FTBFS in Fedora rawhide/f34 Product: Fedora Version: rawhide Status: NEW Component: httpunit Assignee: jjelen(a)redhat.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: decathorpe(a)gmail.com, fnasser(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jjelen(a)redhat.com, mizdebsk(a)redhat.com Blocks: 1868278 (F34FTBFS) Target Milestone: --- Classification: Fedora httpunit failed to build from source in Fedora rawhide/f34 https://koji.fedoraproject.org/koji/taskinfo?taskID=60910571 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Please fix httpunit at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, httpunit will be orphaned. Before branching of Fedora 35, httpunit will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai... Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1868278 [Bug 1868278] (F34FTBFS) - Fedora 34 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

2 years

1
10
0 / 0

[Bug 1923444] New: felix-bundlerepository: FTBFS in Fedora rawhide/f34

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1923444 Bug ID: 1923444 Summary: felix-bundlerepository: FTBFS in Fedora rawhide/f34 Product: Fedora Version: rawhide Status: NEW Component: felix-bundlerepository Assignee: stewardship-sig(a)lists.fedoraproject.org Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: decathorpe(a)gmail.com, jaromir.capik(a)email.cz, java-sig-commits(a)lists.fedoraproject.org, jjelen(a)redhat.com, mizdebsk(a)redhat.com, stewardship-sig(a)lists.fedoraproject.org Blocks: 1868278 (F34FTBFS) Target Milestone: --- Classification: Fedora felix-bundlerepository failed to build from source in Fedora rawhide/f34 https://koji.fedoraproject.org/koji/taskinfo?taskID=60910565 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Please fix felix-bundlerepository at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, felix-bundlerepository will be orphaned. Before branching of Fedora 35, felix-bundlerepository will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai... Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1868278 [Bug 1868278] (F34FTBFS) - Fedora 34 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

2 years

1
11
0 / 0

[Bug 1923382] New: simple-jndi: FTBFS in Fedora rawhide/f34

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1923382 Bug ID: 1923382 Summary: simple-jndi: FTBFS in Fedora rawhide/f34 Product: Fedora Version: rawhide Status: NEW Component: simple-jndi Assignee: jjelen(a)redhat.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, jjelen(a)redhat.com, puntogil(a)libero.it Blocks: 1868278 (F34FTBFS) Target Milestone: --- Classification: Fedora simple-jndi failed to build from source in Fedora rawhide/f34 https://koji.fedoraproject.org/koji/taskinfo?taskID=60908695 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Please fix simple-jndi at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, simple-jndi will be orphaned. Before branching of Fedora 35, simple-jndi will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai... Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1868278 [Bug 1868278] (F34FTBFS) - Fedora 34 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

2 years

1
14
0 / 0

[Bug 1923381] New: geronimo-validation: FTBFS in Fedora rawhide/f34

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1923381 Bug ID: 1923381 Summary: geronimo-validation: FTBFS in Fedora rawhide/f34 Product: Fedora Version: rawhide Status: NEW Component: geronimo-validation Assignee: jjelen(a)redhat.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: agrimm(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, jjelen(a)redhat.com, puntogil(a)libero.it Blocks: 1868278 (F34FTBFS) Target Milestone: --- Classification: Fedora geronimo-validation failed to build from source in Fedora rawhide/f34 https://koji.fedoraproject.org/koji/taskinfo?taskID=60908691 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Please fix geronimo-validation at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, geronimo-validation will be orphaned. Before branching of Fedora 35, geronimo-validation will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai... Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1868278 [Bug 1868278] (F34FTBFS) - Fedora 34 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

2 years

1
12
0 / 0

[Bug 1923380] New: geronimo-jcdi-1.1-api: FTBFS in Fedora rawhide/f34

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1923380 Bug ID: 1923380 Summary: geronimo-jcdi-1.1-api: FTBFS in Fedora rawhide/f34 Product: Fedora Version: rawhide Status: NEW Component: geronimo-jcdi-1.1-api Assignee: jjelen(a)redhat.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, jjelen(a)redhat.com, puntogil(a)libero.it Blocks: 1868278 (F34FTBFS) Target Milestone: --- Classification: Fedora geronimo-jcdi-1.1-api failed to build from source in Fedora rawhide/f34 https://koji.fedoraproject.org/koji/taskinfo?taskID=60908690 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Please fix geronimo-jcdi-1.1-api at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, geronimo-jcdi-1.1-api will be orphaned. Before branching of Fedora 35, geronimo-jcdi-1.1-api will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai... Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1868278 [Bug 1868278] (F34FTBFS) - Fedora 34 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

2 years

1
12
0 / 0

[Bug 1913727] New: ant contrib still depend of jakarta-commons-httpclient

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1913727 Bug ID: 1913727 Summary: ant contrib still depend of jakarta-commons-httpclient Product: Fedora Version: rawhide Hardware: All OS: Linux Status: NEW Component: ant-contrib Severity: urgent Assignee: java-maint-sig(a)lists.fedoraproject.org Reporter: mageia-java(a)nicolaslecureuil.fr QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, decathorpe(a)gmail.com, java-maint-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora Description of problem: According to https://fedoraproject.org/wiki/Changes/Deprecate_Apache_Jakarta_Commons_H... nothing should depend of jakarta-commons-httpclient anymore. There is on package left : ant-contrib https://src.fedoraproject.org/rpms/ant-contrib/blob/master/f/ant-contrib.... -- You are receiving this mail because: You are on the CC list for the bug.

2 years

1
6
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits November 2021