March 2024 - java-sig-commits - Fedora Mailing-Lists

[Bug 2272176] New: icu4j-75-rc is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2272176 Bug ID: 2272176 Summary: icu4j-75-rc is available Product: Fedora Version: rawhide Status: NEW Component: icu4j Keywords: FutureFeature, Triaged Assignee: loganjerry(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, loganjerry(a)gmail.com, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora Releases retrieved: 75-rc Upstream release that is considered latest: 75-rc Current version/release in rawhide: 74.2-4.fc41 URL: https://icu.unicode.org/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/234727/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/icu4j -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2272176 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

2 weeks

1
4
0 / 0

[Bug 2270042] New: F41FailsToInstall: pdfbox-debugger, pdfbox-tools, preflight

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2270042 Bug ID: 2270042 Summary: F41FailsToInstall: pdfbox-debugger, pdfbox-tools, preflight Product: Fedora Version: rawhide Status: NEW Component: pdfbox Assignee: jvanek(a)redhat.com Reporter: fti-bugs(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: didiksupriadi41(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, jvanek(a)redhat.com, puntogil(a)libero.it, sergio(a)serjux.com Blocks: 2260877 (F41FailsToInstall,RAWHIDEFailsToInstall) Target Milestone: --- Classification: Fedora Hello, Please note that this comment was generated automatically by https://pagure.io/releng/blob/main/f/scripts/ftbfs-fti/follow-policy.py If you feel that this output has mistakes, please open an issue at https://pagure.io/releng/ Your package (pdfbox) Fails To Install in Fedora 41: can't install pdfbox-debugger: - nothing provides mvn(org.bouncycastle:bcpkix-jdk15on) needed by pdfbox-debugger-2.0.29-5.fc41.noarch - nothing provides mvn(org.bouncycastle:bcprov-jdk15on) needed by pdfbox-debugger-2.0.29-5.fc41.noarch - nothing provides mvn(org.bouncycastle:bcmail-jdk15on) needed by pdfbox-debugger-2.0.29-5.fc41.noarch can't install pdfbox-tools: - nothing provides mvn(org.bouncycastle:bcpkix-jdk15on) needed by pdfbox-tools-2.0.29-5.fc41.noarch - nothing provides mvn(org.bouncycastle:bcprov-jdk15on) needed by pdfbox-tools-2.0.29-5.fc41.noarch - nothing provides mvn(org.bouncycastle:bcmail-jdk15on) needed by pdfbox-tools-2.0.29-5.fc41.noarch can't install preflight: - nothing provides mvn(org.bouncycastle:bcpkix-jdk15on) needed by preflight-2.0.29-5.fc41.noarch - nothing provides mvn(org.bouncycastle:bcprov-jdk15on) needed by preflight-2.0.29-5.fc41.noarch - nothing provides mvn(org.bouncycastle:bcmail-jdk15on) needed by preflight-2.0.29-5.fc41.noarch If you know about this problem and are planning on fixing it, please acknowledge so by setting the bug status to ASSIGNED. If you don't have time to maintain this package, consider orphaning it, so maintainers of dependent packages realize the problem. If you don't react accordingly to the policy for FTBFS/FTI bugs (https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fai...), your package may be orphaned in 8+ weeks. P.S. The data was generated solely from koji buildroot, so it might be newer than the latest compose or the content on mirrors. To reproduce, use the koji/local repo only, e.g. in mock: $ mock -r fedora-41-x86_64 --config-opts mirrored=False install pdfbox-debugger pdfbox-tools preflight P.P.S. If this bug has been reported in the middle of upgrading multiple dependent packages, please consider using side tags: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#updating-inter... Thanks! Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=2260877 [Bug 2260877] Fedora 41 Fails To install Tracker -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2270042 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

2 weeks, 4 days

1
6
0 / 0

[Bug 2137095] New: plexus-utils-3.5.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2137095 Bug ID: 2137095 Summary: plexus-utils-3.5.0 is available Product: Fedora Version: rawhide Status: NEW Component: plexus-utils Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: fnasser(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora Releases retrieved: 3.5.0 Upstream release that is considered latest: 3.5.0 Current version/release in rawhide: 3.4.2-1.fc38 URL: https://codehaus-plexus.github.io/plexus-utils/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/6072/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/plexus-utils -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2137095

3 weeks, 5 days

1
4
0 / 0

[Bug 2271115] New: TRIAGE CVE-2024-22029 tomcat: apache tomcat: local privilege escalation via default tomcat group [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2271115 Bug ID: 2271115 Summary: TRIAGE CVE-2024-22029 tomcat: apache tomcat: local privilege escalation via default tomcat group [fedora-all] Product: Fedora Version: 39 Status: NEW Component: tomcat Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: huwang(a)redhat.com Reporter: rgatica(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, csutherl(a)redhat.com, gzaronikas(a)gmail.com, huwang(a)redhat.com, ivan.afonichev(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, szappis(a)redhat.com Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2271114 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2271115 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

4 weeks, 1 day

1
3
0 / 0

[Bug 2272126] New: apache-commons-io-2.16.0 is available

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2272126 Bug ID: 2272126 Summary: apache-commons-io-2.16.0 is available Product: Fedora Version: rawhide Status: NEW Component: apache-commons-io Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, SpikeFedora(a)gmail.com, stuart(a)gathman.org Target Milestone: --- Classification: Fedora Releases retrieved: 2.16.0 Upstream release that is considered latest: 2.16.0 Current version/release in rawhide: 2.13.0-8.fc41 URL: http://www.apache.org/dist/commons/io/source/ Please consult the package updates policy before you issue an update to a stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/ More information about the service that created this bug can be found at: https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release... Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from Anitya: https://release-monitoring.org/project/72/ To change the monitoring settings for the project, please visit: https://src.fedoraproject.org/rpms/apache-commons-io -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2272126 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month

1
1
0 / 0

[Bug 2272330] New: CVE-2022-1471 snakeyaml: Constructor Deserialization Remote Code Execution [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2272330 Bug ID: 2272330 Summary: CVE-2022-1471 snakeyaml: Constructor Deserialization Remote Code Execution [fedora-all] Product: Fedora Version: 39 Status: NEW Component: snakeyaml Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: jerboaa(a)gmail.com Reporter: ntait(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: fedoraproject.org(a)bluhm-de.com, java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, mizdebsk(a)redhat.com, mo(a)morsi.org Target Milestone: --- Classification: Fedora More information about this security flaw is available in the following bug: http://bugzilla.redhat.com/show_bug.cgi?id=2150009 Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2272330 Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-...

1 month

1
4
0 / 0

[Bug 2035087] New: CVE-2021-45257 nasm: Infinite loop via the gpaste_tokens function

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2035087 Bug ID: 2035087 Summary: CVE-2021-45257 nasm: Infinite loop via the gpaste_tokens function Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com, pbonzini(a)redhat.com Target Milestone: --- Classification: Other An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function. References: https://bugzilla.nasm.us/show_bug.cgi?id=3392790 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2035087

1 month

1
11
0 / 0

[Bug 2035088] New: CVE-2021-45257 nasm: Infinite loop via the gpaste_tokens function [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2035088 Bug ID: 2035088 Summary: CVE-2021-45257 nasm: Infinite loop via the gpaste_tokens function [fedora-all] Product: Fedora Version: 35 Status: NEW Component: nasm Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: dominik(a)greysector.net Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, pbonzini(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2035088

1 month

1
6
0 / 0

[Bug 2035084] New: CVE-2021-45256 nasm: Null pointer dereference via asm/preproc.c

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2035084 Bug ID: 2035084 Summary: CVE-2021-45256 nasm: Null pointer dereference via asm/preproc.c Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: psampaio(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com, pbonzini(a)redhat.com Target Milestone: --- Classification: Other A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c. References: https://bugzilla.nasm.us/show_bug.cgi?id=3392789 -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2035084

1 month

1
10
0 / 0

[Bug 2035086] New: CVE-2021-45256 nasm: Null pointer dereference via asm/preproc.c [fedora-all]

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2035086 Bug ID: 2035086 Summary: CVE-2021-45256 nasm: Null pointer dereference via asm/preproc.c [fedora-all] Product: Fedora Version: 35 Status: NEW Component: nasm Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: dominik(a)greysector.net Reporter: psampaio(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, pbonzini(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug. https://bugzilla.redhat.com/show_bug.cgi?id=2035086

1 month

1
6
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits March 2024