[Bug 1751976] New: Non-responsive maintainer check for vakwetu

[Red Hat Bugzilla] Your...

[Bug 1372117] CVE-2016-6345...

bugzilla＠redhat.com

Friday, 13 September 2019 Fri, 13 Sep '19

5:46 a.m.

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug ID: 1751976 Summary: Non-responsive maintainer check for vakwetu Product: Fedora Version: rawhide Hardware: All OS: Linux Status: NEW Component: resteasy Severity: medium Priority: medium Assignee: alee(a)redhat.com Reporter: mhroncok(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: alee(a)redhat.com, ascheel(a)redhat.com, dingyichen(a)gmail.com, dmoluguw(a)redhat.com, edewata(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it, weli(a)redhat.com Target Milestone: --- Classification: Fedora This bug is part of the non-responsive maintainer procedure for vakwetu, following https://docs.fedoraproject.org/en-US/fesco/Policy_for_nonresponsive_packa.... Please respond if you are still active in Fedora and want to maintain resteasy. -- You are receiving this mail because: You are on the CC list for the bug.

Show replies by date

bugzilla＠redhat.com

Friday, 13 September Fri, 13 Sep

5:48 a.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Miro Hrončok <mhroncok(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1736585, 1372118, 1372122, | |1372125, 1372130, 1404912, | |1456313, 1471273, 1471275, | |1471277, 1471279, 1480769, | |1481780, 1539175, 1590941 Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1372118 [Bug 1372118] CVE-2016-6345 RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data confidentiality [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1372122 [Bug 1372122] CVE-2016-6346 RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1372125 [Bug 1372125] CVE-2016-6347 RESTEasy: Use of the default exception handler in RESTEasy can lead to reflected XSS attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1372130 [Bug 1372130] CVE-2016-6348 RESTEasy: Use of JacksonJsonpInterceptor in RESTEasy can lead to Cross Site Script Inclusion attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1404912 [Bug 1404912] CVE-2016-9606 Resteasy: Yaml unmarshalling vulnerable to RCE [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1456313 [Bug 1456313] CVE-2016-6346 RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1471273 [Bug 1471273] CVE-2016-6345 RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data confidentiality [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1471275 [Bug 1471275] CVE-2016-6346 RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1471277 [Bug 1471277] CVE-2016-6347 RESTEasy: Use of the default exception handler in RESTEasy can lead to reflected XSS attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1471279 [Bug 1471279] CVE-2016-6348 RESTEasy: Use of JacksonJsonpInterceptor in RESTEasy can lead to Cross Site Script Inclusion attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1480769 [Bug 1480769] CVE-2016-6345 RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data confidentiality [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1481780 [Bug 1481780] CVE-2016-6348 RESTEasy: Use of JacksonJsonpInterceptor in RESTEasy can lead to Cross Site Script Inclusion attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1539175 [Bug 1539175] CVE-2018-1051 resteasy: Unsafe unmarshalling in YamlProvider allows code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1590941 [Bug 1590941] CVE-2016-6347 RESTEasy: Use of the default exception handler in RESTEasy can lead to reflected XSS attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1736585 [Bug 1736585] resteasy: FTBFS in Fedora rawhide/f31 -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

1:12 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 --- Comment #1 from Dinesh Prasanth <dmoluguw(a)redhat.com> --- As a member of the Dogtag team, I'm responding on behalf of @vakwetu. We will be taking over this package and will be responsible to fix the CVEs. Please do not retire resteasy. -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

3:21 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 --- Comment #2 from Miro Hrončok <mhroncok(a)redhat.com> --- Nobody's retiring anything. What is your time frame? Some of the security bugs are 3 years old. Could you please assing the package to somebody who will be actually working on it? -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

3:22 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 --- Comment #3 from Miro Hrončok <mhroncok(a)redhat.com> ---

...

Could you please assing the package to somebody who will be actually working on it?

Taking that back, I see now that the package is assigned to you. -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

Monday, 16 September Mon, 16 Sep

2:27 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 --- Comment #4 from Alex Scheel <ascheel(a)redhat.com> --- Miro, I'll be updating resteasy next month in F29-rawhide. I'm not sure what version we'll rebase to, we'll have to see what Dogtag works with. We can go at least to 3.0.26, which to my knowledge fixes all CVEs that I'm aware of. Should I take the assignee of this bug too, or just the FTBFS+CVE bugs? -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

3:16 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 --- Comment #5 from Miro Hrončok <mhroncok(a)redhat.com> --- Whatever works for you the best. -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

Monday, 21 October Mon, 21 Oct

1:53 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1736585, which changed state. Bug 1736585 Summary: resteasy: FTBFS in Fedora rawhide/f31 https://bugzilla.redhat.com/show_bug.cgi?id=1736585 What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |CLOSED Resolution|--- |CURRENTRELEASE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2:01 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 --- Comment #6 from Dinesh Prasanth <dmoluguw(a)redhat.com> --- Greetings everyone! we have rebased resteasy to 3.0.26. We have placed the updates on bodhi too. F30: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6cb9165980 F31: https://bodhi.fedoraproject.org/updates/FEDORA-2019-636c9ead78 F32/rawhide: https://bodhi.fedoraproject.org/updates/FEDORA-2019-9cf340d96e So, closing this bug as CURRENTRELEASE. Feel free to modify the fields if necessary :) -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2:01 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Dinesh Prasanth <dmoluguw(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |CURRENTRELEASE Last Closed| |2019-10-21 19:01:18 -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2:29 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1372122, which changed state. Bug 1372122 Summary: CVE-2016-6346 RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1372122 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |CURRENTRELEASE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2:30 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1471275, which changed state. Bug 1471275 Summary: CVE-2016-6346 RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1471275 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |DUPLICATE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2:31 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1456313, which changed state. Bug 1456313 Summary: CVE-2016-6346 RESTEasy: Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1456313 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |DUPLICATE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2:41 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1372125, which changed state. Bug 1372125 Summary: CVE-2016-6347 RESTEasy: Use of the default exception handler in RESTEasy can lead to reflected XSS attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1372125 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |CURRENTRELEASE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2:43 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1471277, which changed state. Bug 1471277 Summary: CVE-2016-6347 RESTEasy: Use of the default exception handler in RESTEasy can lead to reflected XSS attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1471277 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |DUPLICATE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2:45 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1590941, which changed state. Bug 1590941 Summary: CVE-2016-6347 RESTEasy: Use of the default exception handler in RESTEasy can lead to reflected XSS attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1590941 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |WONTFIX -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2:49 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1471273, which changed state. Bug 1471273 Summary: CVE-2016-6345 RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data confidentiality [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1471273 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |DUPLICATE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

2:50 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1480769, which changed state. Bug 1480769 Summary: CVE-2016-6345 RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data confidentiality [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1480769 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |DUPLICATE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

3:12 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1471279, which changed state. Bug 1471279 Summary: CVE-2016-6348 RESTEasy: Use of JacksonJsonpInterceptor in RESTEasy can lead to Cross Site Script Inclusion attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1471279 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |DUPLICATE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

3:12 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1481780, which changed state. Bug 1481780 Summary: CVE-2016-6348 RESTEasy: Use of JacksonJsonpInterceptor in RESTEasy can lead to Cross Site Script Inclusion attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1481780 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |DUPLICATE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

3:16 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1372130, which changed state. Bug 1372130 Summary: CVE-2016-6348 RESTEasy: Use of JacksonJsonpInterceptor in RESTEasy can lead to Cross Site Script Inclusion attack [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1372130 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |CURRENTRELEASE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

3:20 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1404912, which changed state. Bug 1404912 Summary: CVE-2016-9606 Resteasy: Yaml unmarshalling vulnerable to RCE [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1404912 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |CURRENTRELEASE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

3:30 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1539175, which changed state. Bug 1539175 Summary: CVE-2018-1051 resteasy: Unsafe unmarshalling in YamlProvider allows code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1539175 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |CURRENTRELEASE -- You are receiving this mail because: You are on the CC list for the bug.

bugzilla＠redhat.com

3:34 p.m.

New subject: [Bug 1751976] Non-responsive maintainer check for vakwetu

https://bugzilla.redhat.com/show_bug.cgi?id=1751976 Bug 1751976 depends on bug 1372118, which changed state. Bug 1372118 Summary: CVE-2016-6345 RESTEasy: Insufficient use of random values in RESTEasy async jobs could lead to loss of data confidentiality [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1372118 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |CLOSED Resolution|--- |CURRENTRELEASE -- You are receiving this mail because: You are on the CC list for the bug.

1643

days inactive

1681

days old

java-sig-commits@lists.fedoraproject.org

Manage subscription

23 comments

1 participants

tags (0)

participants (1)

bugzilla＠redhat.com

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

[Bug 1751976] New: Non-responsive maintainer check for vakwetu

[Bug 1751976] New: Non-responsive maintainer check for vakwetu​

[Bug 1751976] New: Non-responsive maintainer check for vakwetu