[Bug 1887648] New: CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request mix-up
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1887648
Bug ID: 1887648
Summary: CVE-2020-13943 tomcat: Apache Tomcat HTTP/2 Request
mix-up
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: jwon(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
alee(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, asoldano(a)redhat.com,
atangrin(a)redhat.com, avibelli(a)redhat.com,
bbaranow(a)redhat.com, bgeorges(a)redhat.com,
bmaxwell(a)redhat.com, brian.stansberry(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
cmoulliard(a)redhat.com, coolsvap(a)gmail.com,
csutherl(a)redhat.com, darran.lofthouse(a)redhat.com,
dbecker(a)redhat.com, dkreling(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
eleandro(a)redhat.com, etirelli(a)redhat.com,
ggaughan(a)redhat.com, gmalinko(a)redhat.com,
gzaronik(a)redhat.com, hhorak(a)redhat.com,
huwang(a)redhat.com, ibek(a)redhat.com,
ikanello(a)redhat.com, ivan.afonichev(a)gmail.com,
iweiss(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jclere(a)redhat.com, jjoyce(a)redhat.com,
jochrist(a)redhat.com, jolee(a)redhat.com,
jorton(a)redhat.com, jpallich(a)redhat.com,
jperkins(a)redhat.com, jschatte(a)redhat.com,
jschluet(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, krathod(a)redhat.com,
krzysztof.daniel(a)gmail.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, lgao(a)redhat.com, lhh(a)redhat.com,
lpeer(a)redhat.com, lthon(a)redhat.com,
mbabacek(a)redhat.com, mburns(a)redhat.com,
mizdebsk(a)redhat.com, mkolesni(a)redhat.com,
mnovotny(a)redhat.com, msochure(a)redhat.com,
msvehla(a)redhat.com, mszynkie(a)redhat.com,
myarboro(a)redhat.com, nwallace(a)redhat.com,
pgallagh(a)redhat.com, pjindal(a)redhat.com,
pmackay(a)redhat.com, rguimara(a)redhat.com,
rrajasek(a)redhat.com, rruss(a)redhat.com,
rstancel(a)redhat.com, rsvoboda(a)redhat.com,
rsynek(a)redhat.com, sclewis(a)redhat.com,
scohen(a)redhat.com, sdaley(a)redhat.com,
slinaber(a)redhat.com, smaestri(a)redhat.com,
tom.jenkinson(a)redhat.com, vhalbert(a)redhat.com,
weli(a)redhat.com
Blocks: 1887641
Target Milestone: ---
Classification: Other
If an HTTP/2 client exceeded the agreed maximum number of concurrent streams
for a connection (in violation of the HTTP/2 protocol), it was possible that a
subsequent request made on that connection could contain HTTP headers -
including HTTP/2 pseudo headers - from a previous request rather than the
intended headers. This could lead to users seeing responses for unexpected
resources.
Upstream commits:
Tomcat 10.0:
https://github.com/apache/tomcat/commit/1bbc650cbc3f08d85a1ec6d803c47ae53...
Tomcat 9.0:
https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994...
Tomcat 8.5:
https://github.com/apache/tomcat/commit/9d7def063b47407a09a2f9202beed99f4...
Reference:
http://mail-archives.apache.org/mod_mbox/tomcat-announce/202010.mbox/%3C2...
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 6 months
[Bug 1851019] New: CVE-2020-2875mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1851019
Bug ID: 1851019
Summary: CVE-2020-2875mysql-connector-java: allows
unauthenticated attacker with network access via
multiple protocols to compromise MySQL Connectors
which could result in unauthorized update, insert or
delete
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: mkaplan(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
asoldano(a)redhat.com, atangrin(a)redhat.com,
avibelli(a)redhat.com, bbaranow(a)redhat.com,
bgeorges(a)redhat.com, bibryam(a)redhat.com,
bmaxwell(a)redhat.com, bmontgom(a)redhat.com,
brian.stansberry(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, clement.escoffier(a)redhat.com,
dandread(a)redhat.com, darran.lofthouse(a)redhat.com,
databases-maint(a)redhat.com, dkreling(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
eparis(a)redhat.com, etirelli(a)redhat.com,
ganandan(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gmorling(a)redhat.com,
gsmet(a)redhat.com, gvarsami(a)redhat.com,
hhorak(a)redhat.com, ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jjanco(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jolee(a)redhat.com,
jpallich(a)redhat.com, jperkins(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, ldimaggi(a)redhat.com,
lgao(a)redhat.com, lthon(a)redhat.com, mmuzila(a)redhat.com,
mnovotny(a)redhat.com, mschorm(a)redhat.com,
msochure(a)redhat.com, msvehla(a)redhat.com,
mszynkie(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, odubaj(a)redhat.com,
pantinor(a)redhat.com, paradhya(a)redhat.com,
pgallagh(a)redhat.com, pjindal(a)redhat.com,
pmackay(a)redhat.com, psotirop(a)redhat.com,
puntogil(a)libero.it, rguimara(a)redhat.com,
rrajasek(a)redhat.com, rruss(a)redhat.com,
rstancel(a)redhat.com, rsvoboda(a)redhat.com,
rsynek(a)redhat.com, rwagner(a)redhat.com,
sbiarozk(a)redhat.com, sdaley(a)redhat.com,
sdouglas(a)redhat.com, smaestri(a)redhat.com,
sponnaga(a)redhat.com, steve.traylen(a)cern.ch,
tcunning(a)redhat.com, tkirby(a)redhat.com,
tom.jenkinson(a)redhat.com, vhalbert(a)redhat.com,
xjakub(a)fi.muni.cz
Target Milestone: ---
Classification: Other
Vulnerability in the MySQL Connectors product of Oracle MySQL (component:
Connector/J). Supported versions that are affected are 8.0.14 and prior and
5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated
attacker with network access via multiple protocols to compromise MySQL
Connectors. Successful attacks require human interaction from a person other
than the attacker and while the vulnerability is in MySQL Connectors, attacks
may significantly impact additional products. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Connectors accessible data as well as unauthorized read access to
a subset of MySQL Connectors accessible data.
References:
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.debian.org/debian-lts-announce/2020/06/msg00015.html
https://www.debian.org/security/2020/dsa-4703
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 6 months
[Bug 1851014] New: CVE-2020-2934 mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1851014
Bug ID: 1851014
Summary: CVE-2020-2934 mysql-connector-java: allows
unauthenticated attacker with network access via
multiple protocols to compromise MySQL Connectors
which could result in unauthorized update, insert or
delete
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mkaplan(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
asoldano(a)redhat.com, atangrin(a)redhat.com,
avibelli(a)redhat.com, bbaranow(a)redhat.com,
bgeorges(a)redhat.com, bibryam(a)redhat.com,
bmaxwell(a)redhat.com, bmontgom(a)redhat.com,
brian.stansberry(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, clement.escoffier(a)redhat.com,
dandread(a)redhat.com, darran.lofthouse(a)redhat.com,
databases-maint(a)redhat.com, dkreling(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
eparis(a)redhat.com, etirelli(a)redhat.com,
ganandan(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gmorling(a)redhat.com,
gsmet(a)redhat.com, gvarsami(a)redhat.com,
hhorak(a)redhat.com, ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jjanco(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jolee(a)redhat.com,
jpallich(a)redhat.com, jperkins(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, ldimaggi(a)redhat.com,
lgao(a)redhat.com, lthon(a)redhat.com, mmuzila(a)redhat.com,
mnovotny(a)redhat.com, mschorm(a)redhat.com,
msochure(a)redhat.com, msvehla(a)redhat.com,
mszynkie(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, odubaj(a)redhat.com,
pantinor(a)redhat.com, paradhya(a)redhat.com,
pgallagh(a)redhat.com, pjindal(a)redhat.com,
pmackay(a)redhat.com, psotirop(a)redhat.com,
puntogil(a)libero.it, rguimara(a)redhat.com,
rrajasek(a)redhat.com, rruss(a)redhat.com,
rstancel(a)redhat.com, rsvoboda(a)redhat.com,
rsynek(a)redhat.com, rwagner(a)redhat.com,
sbiarozk(a)redhat.com, sdaley(a)redhat.com,
sdouglas(a)redhat.com, smaestri(a)redhat.com,
sponnaga(a)redhat.com, steve.traylen(a)cern.ch,
tcunning(a)redhat.com, tkirby(a)redhat.com,
tom.jenkinson(a)redhat.com, vhalbert(a)redhat.com,
xjakub(a)fi.muni.cz
Target Milestone: ---
Classification: Other
Vulnerability in the MySQL Connectors product of Oracle MySQL (component:
Connector/J). Supported versions that are affected are 8.0.14 and prior and
5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated
attacker with network access via multiple protocols to compromise MySQL
Connectors. Successful attacks require human interaction from a person other
than the attacker and while the vulnerability is in MySQL Connectors, attacks
may significantly impact additional products. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Connectors accessible data as well as unauthorized read access to
a subset of MySQL Connectors accessible data
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 6 months
[Bug 1937440] New: CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1937440
Bug ID: 1937440
Summary: CVE-2020-13936 velocity: arbitrary code execution when
attacker is able to modify templates
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, akurtako(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
andjrobins(a)gmail.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, asoldano(a)redhat.com,
atangrin(a)redhat.com, ataylor(a)redhat.com,
bbaranow(a)redhat.com, bibryam(a)redhat.com,
bmaxwell(a)redhat.com, bmontgom(a)redhat.com,
brian.stansberry(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, darran.lofthouse(a)redhat.com,
dbhole(a)redhat.com, decathorpe(a)gmail.com,
devrim(a)gunduz.org, dkreling(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
eleandro(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, fjuma(a)redhat.com,
ganandan(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gvarsami(a)redhat.com,
hbraun(a)redhat.com, ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com, java-maint(a)redhat.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcantril(a)redhat.com,
jcoleman(a)redhat.com, jerboaa(a)gmail.com,
jjohnstn(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jolee(a)redhat.com,
jperkins(a)redhat.com, jross(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, ldimaggi(a)redhat.com,
lef(a)fedoraproject.org, lgao(a)redhat.com,
loleary(a)redhat.com, mat.booth(a)redhat.com,
mizdebsk(a)redhat.com, mnovotny(a)redhat.com,
msochure(a)redhat.com, msvehla(a)redhat.com,
nstielau(a)redhat.com, nwallace(a)redhat.com,
pantinor(a)redhat.com, pjindal(a)redhat.com,
pmackay(a)redhat.com, rgrunber(a)redhat.com,
rguimara(a)redhat.com, rhcs-maint(a)redhat.com,
rrajasek(a)redhat.com, rstancel(a)redhat.com,
rsvoboda(a)redhat.com, rsynek(a)redhat.com,
rwagner(a)redhat.com, sdaley(a)redhat.com,
sd-operator-metering(a)redhat.com, smaestri(a)redhat.com,
sochotni(a)redhat.com, spinder(a)redhat.com,
sponnaga(a)redhat.com, tcunning(a)redhat.com,
tflannag(a)redhat.com, theute(a)redhat.com,
tkirby(a)redhat.com, tom.jenkinson(a)redhat.com,
yborgess(a)redhat.com
Target Milestone: ---
Classification: Other
An attacker that is able to modify Velocity templates may execute arbitrary
Java code or run arbitrary system commands with the same privileges as the
account running the Servlet container. This applies to applications that allow
untrusted users to upload/modify velocity templates running Apache Velocity
Engine versions up to 2.2.
References:
https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f8...
http://www.openwall.com/lists/oss-security/2021/03/10/1
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 6 months
[Bug 1785711] New: CVE-2019-17563 tomcat: session fixation
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1785711
Bug ID: 1785711
Summary: CVE-2019-17563 tomcat: session fixation
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, alee(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
chazlett(a)redhat.com, coolsvap(a)gmail.com,
csutherl(a)redhat.com, drieden(a)redhat.com,
etirelli(a)redhat.com, extras-orphan(a)fedoraproject.org,
ggaughan(a)redhat.com, gzaronik(a)redhat.com,
ibek(a)redhat.com, ivan.afonichev(a)gmail.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jclere(a)redhat.com, jochrist(a)redhat.com,
jstastny(a)redhat.com, jwon(a)redhat.com,
krathod(a)redhat.com, krzysztof.daniel(a)gmail.com,
kverlaen(a)redhat.com, lgao(a)redhat.com,
mbabacek(a)redhat.com, mnovotny(a)redhat.com,
myarboro(a)redhat.com, paradhya(a)redhat.com,
pjindal(a)redhat.com, rhcs-maint(a)redhat.com,
rrajasek(a)redhat.com, rsynek(a)redhat.com,
sdaley(a)redhat.com, weli(a)redhat.com
Target Milestone: ---
Classification: Other
When using FORM authentication there was a narrow window where an attacker
could perform a session fixation attack. The window was considered too narrow
for an exploit to be practical but, erring on the side of caution, this issue
has been treated as a security vulnerability.
Reference:
https://tomcat.apache.org/security-7.html
https://tomcat.apache.org/security-8.html
http://tomcat.apache.org/security-9.html
Upstream commits:
https://github.com/apache/tomcat/commit/ab72a10
https://github.com/apache/tomcat/commit/e19a202
https://github.com/apache/tomcat/commit/1ecba14
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 6 months
[Bug 1858077] New: relaxngcc fails to build with java-11-openjdk
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1858077
Bug ID: 1858077
Summary: relaxngcc fails to build with java-11-openjdk
Product: Fedora
Version: rawhide
Hardware: All
OS: All
Status: NEW
Component: relaxngcc
Severity: high
Assignee: sanjay.ankur(a)gmail.com
Reporter: jvanek(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jvanek(a)redhat.com, puntogil(a)libero.it,
sanjay.ankur(a)gmail.com, sgehwolf(a)redhat.com
Blocks: 1825969 (Java11)
Target Milestone: ---
Classification: Fedora
relaxngcc fails to build with java-11-openjdk as sytem JDK. See
https://fedoraproject.org/wiki/Changes/Java11 .
See especially part about known failures:
https://fedoraproject.org/wiki/Changes/Java11#common_issues_packagers_can...
For the build logs, see:
https://koji.fedoraproject.org/koji/taskinfo?taskID=47161757
We run the rebuild longer then 10days ago. Log may be gone. Also your package
may be passing in regular rawhide.
To reproduce, simply: fedpkg clone relaxngcc; cd relaxngcc; fedpkg build
--target f33-java11; #The target is crucial.
We run two reruns your package failed both.
We had tried 650 packages, and 500 had passed, so the java-11-openjdk will be
system JDK in f33, and you should fix your package if you want to keep it
alive. Usually the fix is simple, and best is to update the package to latest
upstream version.
There will be usual mass rebuild once f33 branches. You may got another FTBFS
bug.
Let us know here if you have any questions, here in bug, or at
java-devel(a)lists.fedoraproject.org .
We'd appreciate help from the people who know this package best, but if you
don't want to work on this now, let us know so we can try to work around it on
our side if needed.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1825969
[Bug 1825969] java-11-openjdk as system JDK in F33
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 6 months
[Bug 1953025] New: CVE-2021-28168 jersey: Local information disclosure via system temporary directory [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1953025
Bug ID: 1953025
Summary: CVE-2021-28168 jersey: Local information disclosure
via system temporary directory [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: jersey
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: extras-orphan(a)fedoraproject.org
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: dchen(a)redhat.com, extras-orphan(a)fedoraproject.org,
gang.wei(a)intel.com,
java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 6 months
[Bug 1944889] New: CVE-2021-21409 netty: Request smuggling via content-length header [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1944889
Bug ID: 1944889
Summary: CVE-2021-21409 netty: Request smuggling via
content-length header [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: netty
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: extras-orphan(a)fedoraproject.org
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 6 months
[Bug 1937365] New: CVE-2021-21295 netty: possible request smuggling in HTTP/2 due missing validation [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1937365
Bug ID: 1937365
Summary: CVE-2021-21295 netty: possible request smuggling in
HTTP/2 due missing validation [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: netty
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: extras-orphan(a)fedoraproject.org
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com, extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 6 months
[Bug 1927029] New: CVE-2021-21290 netty: Information disclosure via the local system temporary directory [fedora-all]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1927029
Bug ID: 1927029
Summary: CVE-2021-21290 netty: Information disclosure via the
local system temporary directory [fedora-all]
Product: Fedora
Version: 33
Status: NEW
Component: netty
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: extras-orphan(a)fedoraproject.org
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com, extras-orphan(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
2 years, 6 months