June 2023 - java-sig-commits - Fedora Mailing-Lists

[Bug 2157647] New: CVE-2022-4132 tomcat: Memory leak [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2157647 Bug ID: 2157647 Summary: CVE-2022-4132 tomcat: Memory leak [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: tomcat Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: csutherl(a)redhat.com Reporter: pdelbell(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, csutherl(a)redhat.com, gzaronikas(a)gmail.com, huwang(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2147372 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2157647

11 months

1
4
0 / 0

[Bug 2141333] New: CVE-2022-42252 tomcat: request smuggling [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2141333 Bug ID: 2141333 Summary: CVE-2022-42252 tomcat: request smuggling [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: tomcat Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: csutherl(a)redhat.com Reporter: pdelbell(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, coolsvap(a)gmail.com, csutherl(a)redhat.com, gzaronikas(a)gmail.com, huwang(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2141329 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2141333

11 months

1
4
0 / 0

[Bug 2130599] New: CVE-2021-43980: Apache Tomcat: Information disclosure

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2130599 Bug ID: 2130599 Summary: CVE-2021-43980: Apache Tomcat: Information disclosure Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: amctagga(a)redhat.com CC: alee(a)redhat.com, coolsvap(a)gmail.com, csutherl(a)redhat.com, gzaronikas(a)gmail.com, huwang(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com Target Milestone: --- Classification: Other Severity: important Description: The simplified implementation of blocking reads and writes introduced in Tomcat 10 and back-ported to Tomcat 9.0.47 onwards exposed a long standing (but extremely hard to trigger) concurrency bug in Apache Tomcat 10.1.0 to 10.1.0-M12, 10.0.0-M1 to 10.0.18, 9.0.0-M1 to 9.0.60 and 8.5.0 to 8.5.77 that could cause client connections to share an Http11Processor instance resulting in responses, or part responses, to be received by the wrong client. Credit: Thanks to Adam Thomas, Richard Hernandez and Ryan Schmitt for discovering the issue and working with the Tomcat security team to identify the root cause and appropriate fix. References: https://lists.apache.org/thread/3jjqbsp6j88b198x5rmg99b1qr8ht3g3 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2130599

11 months

1
15
0 / 0

[Bug 2133649] New: CVE-2021-43980 tomcat: : Apache Tomcat: Information disclosure [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2133649 Bug ID: 2133649 Summary: CVE-2021-43980 tomcat: : Apache Tomcat: Information disclosure [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: tomcat Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: csutherl(a)redhat.com Reporter: trathi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, coolsvap(a)gmail.com, csutherl(a)redhat.com, gzaronikas(a)gmail.com, huwang(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora EPEL. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2133649

11 months

1
4
0 / 0

[Bug 2190215] New: Make Tomcat 10 available through EPEL

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2190215 Bug ID: 2190215 Summary: Make Tomcat 10 available through EPEL Product: Fedora EPEL Version: epel9 Status: NEW Component: tomcat Assignee: csutherl(a)redhat.com Reporter: csutherl(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, csutherl(a)redhat.com, gzaronikas(a)gmail.com, huwang(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora We've had a few users requesting Tomcat 10 be added to EPEL. I've created this bugzilla to track those requests and to have a place to share status updates. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2190215

11 months

1
1
0 / 0

[Bug 2210323] New: CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was incomplete [epel-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2210323 Bug ID: 2210323 Summary: CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was incomplete [epel-all] Product: Fedora EPEL Version: epel8 Status: NEW Component: tomcat Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: csutherl(a)redhat.com Reporter: pdelbell(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, csutherl(a)redhat.com, gzaronikas(a)gmail.com, huwang(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2210321 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2210323

11 months

1
3
0 / 0

[Bug 2181441] New: CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure [epel-8]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2181441 Bug ID: 2181441 Summary: CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure [epel-8] Product: Fedora EPEL Version: epel8 Status: NEW Component: tomcat Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: csutherl(a)redhat.com Reporter: saroy(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, csutherl(a)redhat.com, gzaronikas(a)gmail.com, huwang(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2180856 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2181441

11 months

1
3
0 / 0

[Bug 2168636] New: Remove tomcat from epel9

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2168636 Bug ID: 2168636 Summary: Remove tomcat from epel9 Product: Fedora EPEL Version: epel9 Status: NEW Component: tomcat Assignee: csutherl(a)redhat.com Reporter: rhel-process-autobot(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, csutherl(a)redhat.com, gzaronikas(a)gmail.com, huwang(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2168636

11 months, 1 week

1
8
0 / 0

[Bug 2170293] New: Remove tomcat from epel8

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2170293 Bug ID: 2170293 Summary: Remove tomcat from epel8 Product: Fedora EPEL Version: epel8 Status: NEW Component: tomcat Assignee: csutherl(a)redhat.com Reporter: rhel-process-autobot(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, csutherl(a)redhat.com, gzaronikas(a)gmail.com, huwang(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2170293

11 months, 1 week

1
8
0 / 0

[Bug 2131538] New: objectweb-asm-9.4 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2131538 Bug ID: 2131538 Summary: objectweb-asm-9.4 is available Product: Fedora Version: rawhide Status: NEW Component: objectweb-asm Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: dwalluck(a)redhat.com, fnasser(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora Releases retrieved: 9.4 Upstream release that is considered latest: 9.4 Current version/release in rawhide: 9.3-3.fc38 URL: http://asm.ow2.org/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/7177/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/objectweb-asm -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2131538

11 months, 1 week

1
2
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits June 2023