eclipse-sig December 2021

eclipse-sig@lists.stg.fedoraproject.org

1 participants
32 discussions

[Bug 1987439] New: eclipse-gef: FTBFS in Fedora rawhide/f35
by bugzilla＠redhat.com 08 Mar '22

08 Mar '22

https://bugzilla.redhat.com/show_bug.cgi?id=1987439 Bug ID: 1987439 Summary: eclipse-gef: FTBFS in Fedora rawhide/f35 Product: Fedora Version: rawhide Status: NEW Component: eclipse-gef Assignee: akurtako(a)redhat.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, mat.booth(a)gmail.com, rgrunber(a)redhat.com Blocks: 1927309 (F35FTBFS,RAWHIDEFTBFS) Target Milestone: --- Classification: Fedora eclipse-gef failed to build from source in Fedora rawhide/f35 https://koji.fedoraproject.org/koji/taskinfo?taskID=72340539 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Please fix eclipse-gef at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, eclipse-gef will be orphaned. Before branching of Fedora 36, eclipse-gef will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails… Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1927309 [Bug 1927309] Fedora 35 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

1 15

[Bug 1987446] New: eclipse-subclipse: FTBFS in Fedora rawhide/f35
by bugzilla＠redhat.com 08 Mar '22

08 Mar '22

https://bugzilla.redhat.com/show_bug.cgi?id=1987446 Bug ID: 1987446 Summary: eclipse-subclipse: FTBFS in Fedora rawhide/f35 Product: Fedora Version: rawhide Status: NEW Component: eclipse-subclipse Assignee: akurtako(a)redhat.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, krzysztof.daniel(a)gmail.com, mat.booth(a)gmail.com Blocks: 1927309 (F35FTBFS,RAWHIDEFTBFS) Target Milestone: --- Classification: Fedora eclipse-subclipse failed to build from source in Fedora rawhide/f35 https://koji.fedoraproject.org/koji/taskinfo?taskID=72340605 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Please fix eclipse-subclipse at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, eclipse-subclipse will be orphaned. Before branching of Fedora 36, eclipse-subclipse will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails… Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1927309 [Bug 1927309] Fedora 35 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

1 13

[Bug 1987442] New: eclipse-license: FTBFS in Fedora rawhide/f35
by bugzilla＠redhat.com 08 Mar '22

08 Mar '22

https://bugzilla.redhat.com/show_bug.cgi?id=1987442 Bug ID: 1987442 Summary: eclipse-license: FTBFS in Fedora rawhide/f35 Product: Fedora Version: rawhide Status: NEW Component: eclipse-license Assignee: akurtako(a)redhat.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: akurtako(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, mat.booth(a)gmail.com Blocks: 1927309 (F35FTBFS,RAWHIDEFTBFS) Target Milestone: --- Classification: Fedora eclipse-license failed to build from source in Fedora rawhide/f35 https://koji.fedoraproject.org/koji/taskinfo?taskID=72340559 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Please fix eclipse-license at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, eclipse-license will be orphaned. Before branching of Fedora 36, eclipse-license will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails… Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1927309 [Bug 1927309] Fedora 35 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

1 14

[Bug 2002524] New: Marketplace eclipse-mpc
by bugzilla＠redhat.com 17 Dec '21

17 Dec '21

https://bugzilla.redhat.com/show_bug.cgi?id=2002524 Bug ID: 2002524 Summary: Marketplace eclipse-mpc Product: Fedora Version: 34 Hardware: x86_64 OS: Linux Status: NEW Component: eclipse-mpc Severity: high Assignee: extras-orphan(a)fedoraproject.org Reporter: flydove(a)qq.com QA Contact: extras-qa(a)fedoraproject.org CC: eclipse-sig(a)lists.fedoraproject.org, extras-orphan(a)fedoraproject.org, mat.booth(a)gmail.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Fedora Eclipse Marketplace is Not Found On Help Menu -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1933816] New: CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser
by bugzilla＠redhat.com 14 Dec '21

14 Dec '21

https://bugzilla.redhat.com/show_bug.cgi?id=1933816 Bug ID: 1933816 Summary: CVE-2020-11988 xmlgraphics-commons: SSRF due to improper input validation by the XMPParser Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: aileenc(a)redhat.com, akoufoud(a)redhat.com, akurtako(a)redhat.com, alazarot(a)redhat.com, almorale(a)redhat.com, andjrobins(a)gmail.com, anstephe(a)redhat.com, bibryam(a)redhat.com, chazlett(a)redhat.com, dbhole(a)redhat.com, drieden(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, etirelli(a)redhat.com, ganandan(a)redhat.com, ggaughan(a)redhat.com, gmalinko(a)redhat.com, hbraun(a)redhat.com, ibek(a)redhat.com, janstey(a)redhat.com, java-maint(a)redhat.com, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, jkang(a)redhat.com, jochrist(a)redhat.com, jstastny(a)redhat.com, jwon(a)redhat.com, krathod(a)redhat.com, kverlaen(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)redhat.com, mcermak(a)redhat.com, mizdebsk(a)redhat.com, mnovotny(a)redhat.com, mprchlik(a)redhat.com, pantinor(a)redhat.com, patrickm(a)redhat.com, pjindal(a)redhat.com, rgrunber(a)redhat.com, rlandman(a)redhat.com, rrajasek(a)redhat.com, rsynek(a)redhat.com, sdaley(a)redhat.com, vkadlcik(a)redhat.com Target Milestone: --- Classification: Other Apache XmlGraphics Commons 2.4 is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. References: https://xmlgraphics.apache.org/security.html https://www.openwall.com/lists/oss-security/2021/02/24/1 -- You are receiving this mail because: You are on the CC list for the bug.

1 18

[Bug 1933808] New: CVE-2020-11987 batik: SSRF due to improper input validation by the NodePickerPanel
by bugzilla＠redhat.com 14 Dec '21

14 Dec '21

https://bugzilla.redhat.com/show_bug.cgi?id=1933808 Bug ID: 1933808 Summary: CVE-2020-11987 batik: SSRF due to improper input validation by the NodePickerPanel Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: aileenc(a)redhat.com, akurtako(a)redhat.com, andjrobins(a)gmail.com, chazlett(a)redhat.com, dbhole(a)redhat.com, drieden(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, ggaughan(a)redhat.com, gmalinko(a)redhat.com, janstey(a)redhat.com, java-maint(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, jkang(a)redhat.com, jochrist(a)redhat.com, jvanek(a)redhat.com, jwon(a)redhat.com, lef(a)fedoraproject.org, mat.booth(a)redhat.com, mizdebsk(a)redhat.com, rgrunber(a)redhat.com Target Milestone: --- Classification: Other Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. References: https://xmlgraphics.apache.org/security.html https://www.openwall.com/lists/oss-security/2021/02/24/2 -- You are receiving this mail because: You are on the CC list for the bug.

1 13

[Bug 1937440] New: CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates
by bugzilla＠redhat.com 02 Dec '21

02 Dec '21

https://bugzilla.redhat.com/show_bug.cgi?id=1937440 Bug ID: 1937440 Summary: CVE-2020-13936 velocity: arbitrary code execution when attacker is able to modify templates Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: aboyko(a)redhat.com, aileenc(a)redhat.com, akoufoud(a)redhat.com, akurtako(a)redhat.com, alazarot(a)redhat.com, almorale(a)redhat.com, andjrobins(a)gmail.com, anstephe(a)redhat.com, aos-bugs(a)redhat.com, asoldano(a)redhat.com, atangrin(a)redhat.com, ataylor(a)redhat.com, bbaranow(a)redhat.com, bibryam(a)redhat.com, bmaxwell(a)redhat.com, bmontgom(a)redhat.com, brian.stansberry(a)redhat.com, cdewolf(a)redhat.com, chazlett(a)redhat.com, darran.lofthouse(a)redhat.com, dbhole(a)redhat.com, decathorpe(a)gmail.com, devrim(a)gunduz.org, dkreling(a)redhat.com, dosoudil(a)redhat.com, drieden(a)redhat.com, ebaron(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org, eleandro(a)redhat.com, eparis(a)redhat.com, etirelli(a)redhat.com, fjuma(a)redhat.com, ganandan(a)redhat.com, ggaughan(a)redhat.com, gmalinko(a)redhat.com, gvarsami(a)redhat.com, hbraun(a)redhat.com, ibek(a)redhat.com, iweiss(a)redhat.com, janstey(a)redhat.com, java-maint(a)redhat.com, java-maint-sig(a)lists.fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, jburrell(a)redhat.com, jcantril(a)redhat.com, jcoleman(a)redhat.com, jerboaa(a)gmail.com, jjohnstn(a)redhat.com, jochrist(a)redhat.com, jokerman(a)redhat.com, jolee(a)redhat.com, jperkins(a)redhat.com, jross(a)redhat.com, jschatte(a)redhat.com, jstastny(a)redhat.com, jwon(a)redhat.com, kconner(a)redhat.com, krathod(a)redhat.com, kverlaen(a)redhat.com, kwills(a)redhat.com, ldimaggi(a)redhat.com, lef(a)fedoraproject.org, lgao(a)redhat.com, loleary(a)redhat.com, mat.booth(a)redhat.com, mizdebsk(a)redhat.com, mnovotny(a)redhat.com, msochure(a)redhat.com, msvehla(a)redhat.com, nstielau(a)redhat.com, nwallace(a)redhat.com, pantinor(a)redhat.com, pjindal(a)redhat.com, pmackay(a)redhat.com, rgrunber(a)redhat.com, rguimara(a)redhat.com, rhcs-maint(a)redhat.com, rrajasek(a)redhat.com, rstancel(a)redhat.com, rsvoboda(a)redhat.com, rsynek(a)redhat.com, rwagner(a)redhat.com, sdaley(a)redhat.com, sd-operator-metering(a)redhat.com, smaestri(a)redhat.com, sochotni(a)redhat.com, spinder(a)redhat.com, sponnaga(a)redhat.com, tcunning(a)redhat.com, tflannag(a)redhat.com, theute(a)redhat.com, tkirby(a)redhat.com, tom.jenkinson(a)redhat.com, yborgess(a)redhat.com Target Milestone: --- Classification: Other An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to upload/modify velocity templates running Apache Velocity Engine versions up to 2.2. References: https://lists.apache.org/thread.html/r01043f584cbd47959fabe18fff64de940f81a… http://www.openwall.com/lists/oss-security/2021/03/10/1 -- You are receiving this mail because: You are on the CC list for the bug.

1 40

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

eclipse-sig December 2021