[Bug 1165554] New: Request to retire perl-ZMQ-LibZMQ3
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1165554
Bug ID: 1165554
Summary: Request to retire perl-ZMQ-LibZMQ3
Product: Fedora
Version: rawhide
Component: perl-ZMQ-LibZMQ3
Assignee: jose.p.oliveira.oss(a)gmail.com
Reporter: tomspur(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: jose.p.oliveira.oss(a)gmail.com,
perl-devel(a)lists.fedoraproject.org
Blocks: 1045884
When czmq has been rebuild against zeromq-4 in bug #1165553, this is the last
package, that depends on zeromq3.
Would it be possible to retire this package and add a perl-ZMQ-LibZMQ4 package,
if needed? Maybe it is also possible to just use the perl-ZMQ-LibZMQ (which
should always be build against the latest version of zeromq)?
I'd like to retire zeromq3 as soon as the depending packages have been ported
to zeromq-4.
Current dependencies of this packages are:
repoquery --disablerepo \* --enablerepo rawhide --repoid=rawhide --whatrequires
perl-ZMQ-LibZMQ3
amavisd-new-zeromq-0:2.10.1-1.fc22.noarch
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1045884
[Bug 1045884] [Tracking ticket] - Update to ZeroMQ v4
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=5L0pKAtPzG&a=cc_unsubscribe
7 years, 1 month
[Bug 1165555] New: Request to retire perl-ZMQ-LibZMQ3
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1165555
Bug ID: 1165555
Summary: Request to retire perl-ZMQ-LibZMQ3
Product: Fedora
Version: rawhide
Component: perl-ZMQ-LibZMQ2
Assignee: jose.p.oliveira.oss(a)gmail.com
Reporter: tomspur(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: extras-qa(a)fedoraproject.org,
jose.p.oliveira.oss(a)gmail.com,
perl-devel(a)lists.fedoraproject.org
Blocks: 1045884
+++ This bug was initially created as a clone of Bug #1165554 and adjusted to
match perl-ZMQ-LibZMQ2 +++
I'd like to retire zeromq2 once all packages that depend on it have been ported
to zeromq-4.
Would it be possible to retire this package and add a perl-ZMQ-LibZMQ4 package,
if needed? Maybe it is also possible to just use the perl-ZMQ-LibZMQ (which
should always be build against the latest version of zeromq)?
Current dependencies of this packages are:
repoquery --disablerepo \* --enablerepo rawhide --repoid=rawhide --whatrequires
perl-ZMQ-LibZMQ2
[empty]
-> None found.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1045884
[Bug 1045884] [Tracking ticket] - Update to ZeroMQ v4
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=wsJb1YatwE&a=cc_unsubscribe
7 years, 1 month
[Bug 347901] New: Port perl-IO-Socket-SSL to use NSS library for cryptography
by Red Hat Bugzilla
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=347901
Summary: Port perl-IO-Socket-SSL to use NSS library for
cryptography
Product: Fedora
Version: devel
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: perl-IO-Socket-SSL
AssignedTo: wtogami(a)redhat.com
ReportedBy: pvrabec(a)redhat.com
QAContact: extras-qa(a)fedoraproject.org
CC: fedora-perl-devel-
list@redhat.com,jpo@di.uminho.pt,tmraz(a)redhat.com
perl-IO-Socket-SSL should be ported to use NSS library for cryptography.
See the tracking bug for details and links on how it could be done.
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
7 years, 4 months
[Bug 1166064] New: CVE-2012-6662 jquery-ui: XSS vulnerability in default content in Tooltip widget
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1166064
Bug ID: 1166064
Summary: CVE-2012-6662 jquery-ui: XSS vulnerability in default
content in Tooltip widget
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: abaron(a)redhat.com, abokovoy(a)redhat.com,
andrew(a)topdog.za.net, andrewniemants(a)gmail.com,
aortega(a)redhat.com, apatters(a)redhat.com,
apevec(a)redhat.com, athmanem(a)gmail.com,
ayoung(a)redhat.com, bazanluis20(a)gmail.com,
bkabrda(a)redhat.com, bkearney(a)redhat.com,
bleanhar(a)redhat.com, brett.lentz(a)gmail.com,
bruno(a)wolff.to, casper(a)casperlefantom.net,
cbillett(a)redhat.com, ccoleman(a)redhat.com,
chat-to-me(a)raveit.de, chkr(a)plauener.de,
chrisw(a)redhat.com, comzeradd(a)fedoraproject.org,
cpelland(a)redhat.com, croberts(a)redhat.com,
dajohnso(a)redhat.com, dallan(a)redhat.com, dan(a)danny.cz,
david.r(a)ultracar.co.uk, dclarizi(a)redhat.com,
devrim(a)gunduz.org, dmcphers(a)redhat.com,
dridi.boukelmoune(a)gmail.com, echevemaster(a)gmail.com,
emmanuel(a)seyman.fr, erlang(a)lists.fedoraproject.org,
extras-orphan(a)fedoraproject.org, fabio(a)locati.cc,
fdc(a)fcami.net, fedora(a)famillecollet.com,
frankly3d(a)gmail.com, gbailey(a)lxpro.com,
gkotton(a)redhat.com, gmccullo(a)redhat.com,
herrold(a)owlriver.com, hhorak(a)redhat.com,
hobbes1069(a)gmail.com, home(a)trarbentley.net,
i(a)cicku.me, i(a)stingr.net, ian(a)ianweller.org,
iarnell(a)gmail.com, ipa-maint(a)redhat.com,
ivaxer(a)gmail.com, jamielinux(a)fedoraproject.org,
jaswinder(a)kernel.org, jdetiber(a)redhat.com,
jdornak(a)redhat.com, jhardy(a)redhat.com,
jialiu(a)redhat.com, jimi(a)sngx.net, jkeck(a)redhat.com,
jmlich(a)redhat.com, jochen(a)herr-schmitt.de,
joelsmith(a)redhat.com, jokajak(a)fedoraproject.org,
jokerman(a)redhat.com, jonathansteffan(a)gmail.com,
jorton(a)redhat.com, jprause(a)redhat.com,
jrafanie(a)redhat.com, jsmith.fedora(a)gmail.com,
jstribny(a)redhat.com, jvlcek(a)redhat.com,
karlthered(a)gmail.com, katello-bugs(a)redhat.com,
kevin(a)scrye.com, kseifried(a)redhat.com,
ktdreyer(a)ktdreyer.com, kwizart(a)gmail.com,
leigh123linux(a)googlemail.com, lemenkov(a)gmail.com,
lhh(a)redhat.com, limburgher(a)gmail.com,
lmacken(a)redhat.com, lmeyer(a)redhat.com,
loganjerry(a)gmail.com, lpeer(a)redhat.com, luto(a)mit.edu,
markmc(a)redhat.com, matt(a)cs.wisc.edu,
mbarnes(a)redhat.com, mburns(a)redhat.com,
mcepl(a)redhat.com, mclasen(a)redhat.com,
metherid(a)gmail.com, mhroncok(a)redhat.com,
michel(a)michel-slm.name, mike(a)cchtml.com,
miketwebster(a)gmail.com, mkosek(a)redhat.com,
mmaslano(a)redhat.com, mmccomas(a)redhat.com,
mmccune(a)redhat.com, mmcgrath(a)redhat.com,
mrunge(a)redhat.com, nelsonab(a)red-tux.net,
nonamedotc(a)gmail.com, nushio(a)fedoraproject.org,
obarenbo(a)redhat.com, oliver(a)linux-kernel.at,
orion(a)cora.nwra.com,
paulo.cesar.pereira.de.andrade(a)gmail.com,
pavel(a)zhukoff.net, perl-devel(a)lists.fedoraproject.org,
peter.borsa(a)gmail.com, phalliday(a)excelsiorsystems.net,
pmyers(a)redhat.com, praiskup(a)redhat.com,
promac(a)gmail.com, puiterwijk(a)redhat.com,
pviktori(a)redhat.com, pvoborni(a)redhat.com,
python-maint(a)redhat.com, rbean(a)redhat.com,
rbryant(a)redhat.com, rcritten(a)redhat.com,
relrod(a)redhat.com, rhos-maint(a)redhat.com,
rnovacek(a)redhat.com, robinlee.sysu(a)gmail.com,
satya.komaragiri(a)gmail.com, sclewis(a)redhat.com,
scott(a)foolishpride.org, sdodson(a)sdodson.com,
shawn.iwinski(a)gmail.com, smparrish(a)gmail.com,
ssorce(a)redhat.com, stickster(a)gmail.com, sven(a)lank.es,
tadej.janez(a)tadej.hicsalta.si,
tchollingsworth(a)gmail.com, thomas.moschny(a)gmx.de,
thozza(a)redhat.com, tim4dev(a)gmail.com, tjay(a)redhat.com,
tmckay(a)redhat.com, tomckay(a)redhat.com,
vanmeeuwen+fedora(a)kolabsys.com, volker27(a)gmx.at,
vondruch(a)redhat.com, vonsch(a)gmail.com,
wojdyr(a)gmail.com, wtogami(a)gmail.com,
xlecauch(a)redhat.com, yeylon(a)redhat.com,
yohangraterol92(a)gmail.com, zbyszek(a)in.waw.pl
jQuery UI 1.10.0 release fixes XSS issue [1] in jQuery Tooltip widget.
>From [1]:
...
WIDGETS
Tooltip
Fixed: XSS vulnerability in default content. (#8861, f285440)
...
The issue was initially reported in [2], and then actually fixed in [3] by
commit [4].
[1]: http://jqueryui.com/changelog/1.10.0/
[2]: http://bugs.jqueryui.com/ticket/8859
[3]: http://bugs.jqueryui.com/ticket/8861
[4]:
https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf867676190...
--
Note: whiteboard lists quite some packages, which are known to have jQuery
embedded.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=nLGeAqRwc8&a=cc_unsubscribe
7 years, 4 months
[Bug 1166041] New: CVE-2010-5312 jquery-ui: XSS vulnerability in jQuery.ui.dialog title option
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1166041
Bug ID: 1166041
Summary: CVE-2010-5312 jquery-ui: XSS vulnerability in
jQuery.ui.dialog title option
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: abaron(a)redhat.com, abokovoy(a)redhat.com,
andrew(a)topdog.za.net, andrewniemants(a)gmail.com,
aortega(a)redhat.com, apatters(a)redhat.com,
apevec(a)redhat.com, athmanem(a)gmail.com,
ayoung(a)redhat.com, bazanluis20(a)gmail.com,
bkabrda(a)redhat.com, bkearney(a)redhat.com,
bleanhar(a)redhat.com, brett.lentz(a)gmail.com,
bruno(a)wolff.to, casper(a)casperlefantom.net,
cbillett(a)redhat.com, ccoleman(a)redhat.com,
chat-to-me(a)raveit.de, chkr(a)plauener.de,
chrisw(a)redhat.com, comzeradd(a)fedoraproject.org,
cpelland(a)redhat.com, croberts(a)redhat.com,
dajohnso(a)redhat.com, dallan(a)redhat.com, dan(a)danny.cz,
david.r(a)ultracar.co.uk, dclarizi(a)redhat.com,
devrim(a)gunduz.org, dmcphers(a)redhat.com,
dridi.boukelmoune(a)gmail.com, echevemaster(a)gmail.com,
emmanuel(a)seyman.fr, erlang(a)lists.fedoraproject.org,
extras-orphan(a)fedoraproject.org, fabio(a)locati.cc,
fdc(a)fcami.net, fedora(a)famillecollet.com,
frankly3d(a)gmail.com, gbailey(a)lxpro.com,
gkotton(a)redhat.com, gmccullo(a)redhat.com,
herrold(a)owlriver.com, hhorak(a)redhat.com,
hobbes1069(a)gmail.com, home(a)trarbentley.net,
i(a)cicku.me, i(a)stingr.net, ian(a)ianweller.org,
iarnell(a)gmail.com, ipa-maint(a)redhat.com,
ivaxer(a)gmail.com, jamielinux(a)fedoraproject.org,
jaswinder(a)kernel.org, jdetiber(a)redhat.com,
jdornak(a)redhat.com, jhardy(a)redhat.com,
jialiu(a)redhat.com, jimi(a)sngx.net, jkeck(a)redhat.com,
jmlich(a)redhat.com, jochen(a)herr-schmitt.de,
joelsmith(a)redhat.com, jokajak(a)fedoraproject.org,
jokerman(a)redhat.com, jonathansteffan(a)gmail.com,
jorton(a)redhat.com, jprause(a)redhat.com,
jrafanie(a)redhat.com, jsmith.fedora(a)gmail.com,
jstribny(a)redhat.com, jvlcek(a)redhat.com,
karlthered(a)gmail.com, katello-bugs(a)redhat.com,
kevin(a)scrye.com, kseifried(a)redhat.com,
ktdreyer(a)ktdreyer.com, kwizart(a)gmail.com,
leigh123linux(a)googlemail.com, lemenkov(a)gmail.com,
lhh(a)redhat.com, limburgher(a)gmail.com,
lmacken(a)redhat.com, lmeyer(a)redhat.com,
loganjerry(a)gmail.com, lpeer(a)redhat.com, luto(a)mit.edu,
markmc(a)redhat.com, matt(a)cs.wisc.edu,
mbarnes(a)redhat.com, mburns(a)redhat.com,
mcepl(a)redhat.com, mclasen(a)redhat.com,
metherid(a)gmail.com, mhroncok(a)redhat.com,
michel(a)michel-slm.name, mike(a)cchtml.com,
miketwebster(a)gmail.com, mkosek(a)redhat.com,
mmaslano(a)redhat.com, mmccomas(a)redhat.com,
mmccune(a)redhat.com, mmcgrath(a)redhat.com,
mrunge(a)redhat.com, nelsonab(a)red-tux.net,
nonamedotc(a)gmail.com, nushio(a)fedoraproject.org,
obarenbo(a)redhat.com, oliver(a)linux-kernel.at,
orion(a)cora.nwra.com,
paulo.cesar.pereira.de.andrade(a)gmail.com,
pavel(a)zhukoff.net, perl-devel(a)lists.fedoraproject.org,
peter.borsa(a)gmail.com, phalliday(a)excelsiorsystems.net,
pmyers(a)redhat.com, praiskup(a)redhat.com,
promac(a)gmail.com, puiterwijk(a)redhat.com,
pviktori(a)redhat.com, pvoborni(a)redhat.com,
python-maint(a)redhat.com, rbean(a)redhat.com,
rbryant(a)redhat.com, rcritten(a)redhat.com,
relrod(a)redhat.com, rhos-maint(a)redhat.com,
rnovacek(a)redhat.com, robinlee.sysu(a)gmail.com,
satya.komaragiri(a)gmail.com, sclewis(a)redhat.com,
scott(a)foolishpride.org, sdodson(a)sdodson.com,
shawn.iwinski(a)gmail.com, smparrish(a)gmail.com,
ssorce(a)redhat.com, stickster(a)gmail.com, sven(a)lank.es,
tadej.janez(a)tadej.hicsalta.si,
tchollingsworth(a)gmail.com, thomas.moschny(a)gmx.de,
thozza(a)redhat.com, tim4dev(a)gmail.com, tjay(a)redhat.com,
tmckay(a)redhat.com, tomckay(a)redhat.com,
vanmeeuwen+fedora(a)kolabsys.com, volker27(a)gmx.at,
vondruch(a)redhat.com, vonsch(a)gmail.com,
wojdyr(a)gmail.com, wtogami(a)gmail.com,
xlecauch(a)redhat.com, yeylon(a)redhat.com,
yohangraterol92(a)gmail.com, zbyszek(a)in.waw.pl
jQuery UI 1.10.0 release fixes XSS issue [1] in jQuery.ui.dialog title option.
>From [1]:
...
WIDGETS
Dialog
Fixed: Title XSS Vulnerability. (#6016, 7e9060c)
...
Upstream commit that fixes this:
https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17b...
More info can be found in the upstream bugtracker [2].
[1]: http://jqueryui.com/changelog/1.10.0/
[2]: http://bugs.jqueryui.com/ticket/6016
--
Note: whiteboard lists quite some packages, which are known to have jQuery
embedded.
--
You are receiving this mail because:
You are on the CC list for the bug.
Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=j1lcnw4yn1&a=cc_unsubscribe
7 years, 4 months
[Bug 874942] New: Net-DNS: system configuration is used instead of user's
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=874942
Bug ID: 874942
QA Contact: extras-qa(a)fedoraproject.org
Severity: high
External Bug URL: http://rt.cpan.org/Public/
Version: rawhide
Priority: unspecified
CC: mmaslano(a)redhat.com,
perl-devel(a)lists.fedoraproject.org, psabata(a)redhat.com
Assignee: mmaslano(a)redhat.com
Summary: Net-DNS: system configuration is used instead of
user's
Regression: ---
Story Points: ---
Classification: Fedora
OS: Unspecified
Reporter: mmaslano(a)redhat.com
Type: Bug
Documentation: ---
Hardware: Unspecified
Mount Type: ---
Status: NEW
Component: perl-Net-DNS
Product: Fedora
External Bug ID: CPAN 67602
If I define my own configuration file, system files are used, which could be
security issue. Example: My configuration file is defined as: my $res =
Net::DNS::Resolver->new(config_file => '/my/dns.conf'); These files are read
even if I defined my own file: /etc/resolv.conf $HOME/.resolv.conf
./.resolv.conf Last 2 files shouldn't be read by default since it's possible
security issue - user can drop .resolv.conf pointing to malicious dns server.
This issue was found during testing spamassassin with selinux. For details see:
https://bugzilla.redhat.com/sh ow_bug.cgi?id=628866#c2
I'm reporting this error back into our bugzilla because of last comment in rt:
I think the level of this PR should be elevated to 'security'.
--
You are receiving this mail because:
You are on the CC list for the bug.
7 years, 4 months
[Bug 831716] New: Moving legacy code out of perl-JSON-RPC breaks Bugzilla
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=831716
Bug ID: 831716
QA Contact: extras-qa(a)fedoraproject.org
Severity: high
Version: 17
Priority: unspecified
CC: emmanuel.seyman(a)club-internet.fr,
perl-devel(a)lists.fedoraproject.org
Assignee: emmanuel.seyman(a)club-internet.fr
Summary: Moving legacy code out of perl-JSON-RPC breaks
Bugzilla
Regression: ---
Story Points: ---
Classification: Fedora
OS: Linux
Reporter: lpsolit(a)netscape.net
Type: Bug
Documentation: ---
Hardware: All
Mount Type: ---
Status: NEW
Component: perl-JSON-RPC
Product: Fedora
Bugzilla still uses legacy code from JSON::RPC and despite the perl-JSON-RPC
package is installed, which makes checksetup.pl happy, the JSON-RPC feature of
Bugzilla fails because it cannot find the legacy code. This also prevents
Apache from starting when mod_perl is enabled:
httpd[1938]: Can't locate JSON/RPC/Legacy/Server/CGI.pm in @INC
So the legacy code is still required by Bugzilla, and checksetup.pl and
Bugzilla re confused by this package split.
--
You are receiving this mail because:
You are on the CC list for the bug.
7 years, 4 months