March 2024 - java-sig-commits - Fedora Mailing-Lists

[Bug 2245325] New: maven-plugin-tools-3.10.1 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2245325 Bug ID: 2245325 Summary: maven-plugin-tools-3.10.1 is available Product: Fedora Version: rawhide Status: NEW Component: maven-plugin-tools Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora Releases retrieved: 3.10.1 Upstream release that is considered latest: 3.10.1 Current version/release in rawhide: 3.9.0-2.fc40 URL: http://maven.apache.org/plugin-tools/index.html Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/1925/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/maven-plugin-tools -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2245325 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

10 hours, 39 minutes

1
6
0 / 0

[Bug 2254198] New: tomcat-10.1.17 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2254198 Bug ID: 2254198 Summary: tomcat-10.1.17 is available Product: Fedora Version: rawhide Status: NEW Component: tomcat Keywords: FutureFeature, Triaged Assignee: huwang(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, csutherl(a)redhat.com, gzaronikas(a)gmail.com, huwang(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Releases retrieved: 10.1.17 Upstream release that is considered latest: 10.1.17 Current version/release in rawhide: 9.0.83-1.fc40 URL: https://tomcat.apache.org/whichversion.html Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/323798/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/tomcat -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2254198 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

13 hours, 4 minutes

1
25
0 / 0

[Bug 2251918] New: TRIAGE CVE-2023-34055 log4j: spring-boot: org.springframework.boot:spring-boot-actuator class vulnerable to denial of service [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2251918 Bug ID: 2251918 Summary: TRIAGE CVE-2023-34055 log4j: spring-boot: org.springframework.boot:spring-boot-actuator class vulnerable to denial of service [fedora-all] Product: Fedora Version: 38 Status: NEW Component: log4j Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: paul.wouters(a)aiven.io Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: devrim(a)gunduz.org, elijahward.dev(a)gmail.com, italo.garcia+fedora(a)aiven.io, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, paul.wouters(a)aiven.io, rj.layco(a)gmail.com, rominf(a)aiven.io Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2251917 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2251918 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

20 hours, 35 minutes

1
3
0 / 0

[Bug 2251284] New: TRIAGE CVE-2023-33202 apache-sshd: bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2251284 Bug ID: 2251284 Summary: TRIAGE CVE-2023-33202 apache-sshd: bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class [fedora-all] Product: Fedora Version: 38 Status: NEW Component: apache-sshd Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mat.booth(a)gmail.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mat.booth(a)gmail.com, msrb(a)redhat.com, puntogil(a)libero.it Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2251281 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2251284 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

20 hours, 37 minutes

1
3
0 / 0

[Bug 2251282] New: TRIAGE CVE-2023-33202 log4j: bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2251282 Bug ID: 2251282 Summary: TRIAGE CVE-2023-33202 log4j: bc-java: Out of memory while parsing ASN.1 crafted data in org.bouncycastle.openssl.PEMParser class [fedora-all] Product: Fedora Version: 38 Status: NEW Component: log4j Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: paul.wouters(a)aiven.io Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: devrim(a)gunduz.org, elijahward.dev(a)gmail.com, italo.garcia+fedora(a)aiven.io, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, paul.wouters(a)aiven.io, rj.layco(a)gmail.com, rominf(a)aiven.io Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2251281 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2251282 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

20 hours, 38 minutes

1
3
0 / 0

[Bug 2245807] New: CVE-2023-36478 jetty: hpack header values cause [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2245807 Bug ID: 2245807 Summary: CVE-2023-36478 jetty: hpack header values cause [fedora-all] Product: Fedora Version: 38 Status: NEW Component: jetty Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mat.booth(a)gmail.com Reporter: ybuenos(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jjohnstn(a)redhat.com, mat.booth(a)gmail.com, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2243123 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2245807 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

20 hours, 54 minutes

1
3
0 / 0

[Bug 2244893] New: CVE-2023-44981 zookeeper: Authorization Bypass in Apache ZooKeeper [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2244893 Bug ID: 2244893 Summary: CVE-2023-44981 zookeeper: Authorization Bypass in Apache ZooKeeper [fedora-all] Product: Fedora Version: 38 Status: NEW Component: zookeeper Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: extras-orphan(a)fedoraproject.org Reporter: ntait(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: ctubbsii(a)fedoraproject.org, extras-orphan(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2243436 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2244893 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

20 hours, 55 minutes

1
3
0 / 0

[Bug 2243327] New: [Major Incident] CVE-2023-44487 jetty: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2243327 Bug ID: 2243327 Summary: [Major Incident] CVE-2023-44487 jetty: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) [fedora-all] Product: Fedora Version: 38 Status: NEW Component: jetty Keywords: Security, SecurityTracking Severity: high Priority: urgent Assignee: mat.booth(a)gmail.com Reporter: askrabec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jjohnstn(a)redhat.com, mat.booth(a)gmail.com, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2242803 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2243327 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

21 hours

1
3
0 / 0

[Bug 2242517] New: CVE-2023-37460 plexus-archiver: Arbitrary File Creation in AbstractUnArchiver [fedora-38]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2242517 Bug ID: 2242517 Summary: CVE-2023-37460 plexus-archiver: Arbitrary File Creation in AbstractUnArchiver [fedora-38] Product: Fedora Version: 38 Status: NEW Component: plexus-archiver Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mizdebsk(a)redhat.com Reporter: ntait(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2242288 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2242517 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

21 hours, 4 minutes

1
3
0 / 0

[Bug 2239842] New: TRIAGE-CVE-2023-36479 jetty: Improper addition of quotation marks to user inputs in CgiServlet [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2239842 Bug ID: 2239842 Summary: TRIAGE-CVE-2023-36479 jetty: Improper addition of quotation marks to user inputs in CgiServlet [fedora-all] Product: Fedora Version: 38 Status: NEW Component: jetty Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: mat.booth(a)gmail.com Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jjohnstn(a)redhat.com, mat.booth(a)gmail.com, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2239630 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2239842 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

21 hours, 10 minutes

1
3
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits March 2024