https://bugzilla.redhat.com/show_bug.cgi?id=1719748
Bug ID: 1719748
Summary: jetty-9.4.19.v20190610 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jetty
Keywords: FutureFeature, Triaged
Assignee: mat.booth(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com,
sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 9.4.19.v20190610
Current version/release in rawhide: 9.4.18-2.v20190429.fc31
URL: http://www.eclipse.org/jetty
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/1447/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1902826
Bug ID: 1902826
Summary: CVE-2020-27218 jetty: buffer not correctly recycled in
Gzip Request inflation
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: abenaiss(a)redhat.com, aboyko(a)redhat.com,
aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, aos-bugs(a)redhat.com,
ataylor(a)redhat.com, bmontgom(a)redhat.com,
btofel(a)redhat.com, chazlett(a)redhat.com,
drieden(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
eparis(a)redhat.com, etirelli(a)redhat.com,
ganandan(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gvarsami(a)redhat.com,
ibek(a)redhat.com, janstey(a)redhat.com,
java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jjohnstn(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, krzysztof.daniel(a)gmail.com,
kverlaen(a)redhat.com, ldimaggi(a)redhat.com,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com,
mnovotny(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, pbhattac(a)redhat.com,
pdrozd(a)redhat.com, pjindal(a)redhat.com,
rrajasek(a)redhat.com, rsynek(a)redhat.com,
rwagner(a)redhat.com, sdaley(a)redhat.com,
sd-operator-metering(a)redhat.com, sochotni(a)redhat.com,
sponnaga(a)redhat.com, sthorger(a)redhat.com,
tcunning(a)redhat.com, tkirby(a)redhat.com,
vbobade(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to
10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation
is enabled and requests from different clients are multiplexed onto a single
connection, and if an attacker can send a request with a body that is received
entirely but not consumed by the application, then a subsequent request on the
same connection will see that body prepended to its body. The attacker will not
see any data but may inject data into the body of the subsequent request.
References:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm…
https://bugzilla.redhat.com/show_bug.cgi?id=1900374
Bug ID: 1900374
Summary: M2E plugin stop works after upgrade
Product: Fedora
Version: 33
Hardware: x86_64
OS: Linux
Status: NEW
Component: eclipse-m2e-core
Severity: urgent
Assignee: mat.booth(a)redhat.com
Reporter: danielsun3164(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Created attachment 1732101
--> https://bugzilla.redhat.com/attachment.cgi?id=1732101&action=edit
.metadata/.log in new workspace
Description of problem:
I upgraded several eclipse packages today and M2E plugin stopped working.
Version-Release number of selected component (if applicable):
$ rpm -q eclipse-platform eclipse-m2e-core lucene
eclipse-platform-4.17-3.fc33.x86_64
eclipse-m2e-core-1.16.2-1.fc33.noarch
lucene-8.6.3-1.fc33.noarch
How reproducible:
Every time
Steps to Reproduce:
1. Open eclipse in a new workspace
2. Create a new Maven Project
Actual results:
A dialog as follows was displayed:
title: Multiple problems have occurred
Message: The selected wizard could not be started.
Problem Opening Wizard
(Details:
The selected wizard could not be started.
Plug-in org.eclipse.m2e.core.ui was unable to load class
org.eclipse.m2e.core.ui.internal.wizards.MavenProjectWizard.
An error occurred while automatically activating bundle org.eclipse.m2e.core.ui
(5821).)
Updating Maven Dependencies
(Details:
An internal error occurred during: "Updating Maven Dependencies".
org/eclipse/m2e/core/internal/embedder/MavenExecutionContext)
Expected results:
M2E plugin should work without errors.
Additional info:
Opening an existing workspace with maven project got the same "Updating Maven
Dependencies" error.
https://bugzilla.redhat.com/show_bug.cgi?id=1889417
Bug ID: 1889417
Summary: Eclipse Repository loader constraint violation after
adding JBoss Developer Tools 4.16
Product: Fedora
Version: 33
Status: NEW
Component: eclipse-m2e-core
Assignee: mat.booth(a)redhat.com
Reporter: shihping.chan(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Description of problem:
After adding the rest of JBoss Developer Tools 4.16.0 to a relatively clean
eclipse, I get:
An internal error occurred during: "Repository registry initialization".
loader constraint violation: when resolving interface method
'org.apache.maven.index.context.IndexingContext
org.apache.maven.index.NexusIndexer.addIndexingContextForced(java.lang.String,
java.lang.String, java.io.File, org.apache.lucene.store.Directory,
java.lang.String, java.lang.String, java.util.List)' the class loader
org.eclipse.osgi.internal.loader.EquinoxClassLoader @ca944c6 of the current
class, org/eclipse/m2e/core/internal/index/nexus/NexusIndexManager, and the
class loader org.eclipse.osgi.internal.loader.EquinoxClassLoader @34e347a5 for
the method's defining class, org/apache/maven/index/NexusIndexer, have
different Class objects for the type org/apache/lucene/store/Directory used in
the signature (org.eclipse.m2e.core.internal.index.nexus.NexusIndexManager is
in unnamed module of loader org.eclipse.osgi.internal.loader.EquinoxClassLoader
@ca944c6, parent loader 'platform'; org.apache.maven.index.NexusIndexer is in
unnamed module of loader org.eclipse.osgi.internal.loader.EquinoxClassLoader
@34e347a5, parent loader 'platform')
Version-Release number of selected component (if applicable):
eclipse-emf-core-2.22.0-2.fc33.noarch
eclipse-usage-4.16.0-2.fc33.noarch
eclipse-swt-4.16-13.fc33.x86_64
eclipse-m2e-workspace-0.4.0-16.fc33.noarch
eclipse-equinox-osgi-4.16-13.fc33.x86_64
eclipse-ecf-core-3.14.8-5.fc33.noarch
eclipse-platform-4.16-13.fc33.x86_64
eclipse-jdt-4.16-13.fc33.noarch
eclipse-emf-runtime-2.22.0-2.fc33.noarch
eclipse-gef-3.11.0-13.fc33.noarch
eclipse-webtools-common-3.18.0-5.fc33.noarch
eclipse-p2-discovery-4.16-13.fc33.noarch
eclipse-webtools-servertools-3.18.0-5.fc33.noarch
eclipse-emf-xsd-2.22.0-2.fc33.noarch
eclipse-webtools-sourceediting-3.18.0-5.fc33.noarch
eclipse-m2e-core-1.16.1-2.fc33.noarch
eclipse-mpc-1.8.3-2.fc33.noarch
eclipse-pydev-7.7.0-1.fc33.x86_64
How reproducible:
Always
Steps to Reproduce:
1. Remove ~/.eclipse
2. Note: part of JBoss Developer Tools 4.16.0 comes installed
3. Go to Marketplace, install every feature of 4.16.0.
Actual results:
On restart the following message
An internal error occurred during: "Repository registry initialization".
loader constraint violation: when resolving interface method
'org.apache.maven.index.context.IndexingContext
org.apache.maven.index.NexusIndexer.addIndexingContextForced(java.lang.String,
java.lang.String, java.io.File, org.apache.lucene.store.Directory,
java.lang.String, java.lang.String, java.util.List)' the class loader
org.eclipse.osgi.internal.loader.EquinoxClassLoader @ca944c6 of the current
class, org/eclipse/m2e/core/internal/index/nexus/NexusIndexManager, and the
class loader org.eclipse.osgi.internal.loader.EquinoxClassLoader @34e347a5 for
the method's defining class, org/apache/maven/index/NexusIndexer, have
different Class objects for the type org/apache/lucene/store/Directory used in
the signature (org.eclipse.m2e.core.internal.index.nexus.NexusIndexManager is
in unnamed module of loader org.eclipse.osgi.internal.loader.EquinoxClassLoader
@ca944c6, parent loader 'platform'; org.apache.maven.index.NexusIndexer is in
unnamed module of loader org.eclipse.osgi.internal.loader.EquinoxClassLoader
@34e347a5, parent loader 'platform')
Expected results:
Features are added with no errors
Additional info:
https://bugzilla.redhat.com/show_bug.cgi?id=1891132
Bug ID: 1891132
Summary: CVE-2020-27216 jetty: local temporary directory
hijacking vulnerability
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: abenaiss(a)redhat.com, aboyko(a)redhat.com,
aileenc(a)redhat.com, akoufoud(a)redhat.com,
alazarot(a)redhat.com, almorale(a)redhat.com,
anstephe(a)redhat.com, aos-bugs(a)redhat.com,
ataylor(a)redhat.com, bmontgom(a)redhat.com,
chazlett(a)redhat.com, drieden(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
eparis(a)redhat.com, etirelli(a)redhat.com,
ganandan(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gvarsami(a)redhat.com,
ibek(a)redhat.com, janstey(a)redhat.com,
java-maint(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jjohnstn(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, krzysztof.daniel(a)gmail.com,
kverlaen(a)redhat.com, ldimaggi(a)redhat.com,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com,
mnovotny(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, pbhattac(a)redhat.com,
pdrozd(a)redhat.com, pjindal(a)redhat.com,
rrajasek(a)redhat.com, rsynek(a)redhat.com,
rwagner(a)redhat.com, sdaley(a)redhat.com,
sochotni(a)redhat.com, sponnaga(a)redhat.com,
sthorger(a)redhat.com, tcunning(a)redhat.com,
tkirby(a)redhat.com, vbobade(a)redhat.com
Target Milestone: ---
Classification: Other
In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru
10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the
system's temporary directory is shared between all users on that system. A
collocated user can observe the process of creating a temporary sub directory
in the shared temporary directory and race to complete the creation of the
temporary subdirectory. If the attacker wins the race then they will have read
and write permission to the subdirectory used to unpack web applications,
including their WEB-INF/lib jar files and JSP files. If any code is ever
executed out of this temporary directory, this can lead to a local privilege
escalation vulnerability.
References:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921
https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf…
--
You are receiving this mail because:
You are on the CC list for the bug.
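A defensive sketch for the temporary-directory issue described in the CVE-2020-27216 report above, added here as an example and not taken from the report or from Jetty's code. `SafeTempDir`, `createPrivate` and `verifyPrivate` are hypothetical names, and a POSIX file system is assumed: the work directory is created in one atomic call with owner-only permissions, and any directory supplied from elsewhere is checked before use.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFileAttributes;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.nio.file.attribute.UserPrincipal;
import java.util.EnumSet;
import java.util.Set;

// Added illustration; SafeTempDir and its methods are hypothetical names, not Jetty API.
public class SafeTempDir {
    private static final Set<PosixFilePermission> OWNER_RWX =
        PosixFilePermissions.fromString("rwx------");
    private static final FileAttribute<Set<PosixFilePermission>> OWNER_ONLY =
        PosixFilePermissions.asFileAttribute(OWNER_RWX);

    /** Atomically create a fresh, randomly named, owner-only directory under sharedTmp. */
    static Path createPrivate(Path sharedTmp, String prefix) throws IOException {
        return Files.createTempDirectory(sharedTmp, prefix, OWNER_ONLY);
    }

    /** Refuse to use a directory that another local account owns or can modify. */
    static void verifyPrivate(Path dir) throws IOException {
        PosixFileAttributes attrs =
            Files.readAttributes(dir, PosixFileAttributes.class, LinkOption.NOFOLLOW_LINKS);
        if (!attrs.isDirectory()) {
            throw new IOException(dir + ": not a directory (possibly a symlink)");
        }
        // Learn this process's identity from a file it has just created itself.
        Path probe = Files.createTempFile("owner-probe", null);
        UserPrincipal self;
        try { self = Files.getOwner(probe); } finally { Files.delete(probe); }
        if (!attrs.owner().equals(self)) {
            throw new IOException(dir + ": owned by " + attrs.owner().getName());
        }
        Set<PosixFilePermission> extra = EnumSet.noneOf(PosixFilePermission.class);
        extra.addAll(attrs.permissions());
        extra.removeAll(OWNER_RWX);
        if (!extra.isEmpty()) {
            throw new IOException(dir + ": group/other access " + extra);
        }
    }

    public static void main(String[] args) throws IOException {
        Path tmp = Path.of(System.getProperty("java.io.tmpdir"));
        Path good = createPrivate(tmp, "webapp-");
        verifyPrivate(good);
        System.out.println("accepted " + good);

        // Constructed bad case: same owner, but opened up to group and others.
        Path weak = createPrivate(tmp, "webapp-");
        Files.setPosixFilePermissions(weak, PosixFilePermissions.fromString("rwxrwxrwx"));
        try {
            verifyPrivate(weak);
        } catch (IOException e) {
            System.out.println("rejected " + e.getMessage());
        } finally {
            Files.delete(weak);
            Files.delete(good);
        }
    }
}
```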
https://bugzilla.redhat.com/show_bug.cgi?id=1857369
Bug ID: 1857369
Summary: CVE-2019-17637 eclipse-webtools: XML external entity
vulnerability in DTD Parser/Validator
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: psampaio(a)redhat.com
CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt,
mat.booth(a)redhat.com
Target Milestone: ---
Classification: Other
In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06),
XML and DTD files referring to external entities could be exploited to send the
contents of local files to a remote server when edited or validated, even when
external entity resolution is disabled in the user preferences.
Upstream bug:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571
https://bugzilla.redhat.com/show_bug.cgi?id=1857370
Bug ID: 1857370
Summary: CVE-2019-17637 eclipse-webtools: XML external entity
vulnerability in DTD Parser/Validator [fedora-all]
Product: Fedora
Version: 32
Status: NEW
Component: eclipse-webtools
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)redhat.com
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt,
mat.booth(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
https://bugzilla.redhat.com/show_bug.cgi?id=1891670
Bug ID: 1891670
Summary: Where is Eclipse WorkSpace Choose button
Product: Fedora
Version: 32
Hardware: All
OS: Linux
Status: NEW
Component: eclipse
Severity: high
Assignee: mat.booth(a)redhat.com
Reporter: flydove(a)qq.com
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, andjrobins(a)gmail.com,
dbhole(a)redhat.com, ebaron(a)redhat.com,
eclipse-sig(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, jjohnstn(a)redhat.com,
lef(a)fedoraproject.org, mat.booth(a)redhat.com,
rgrunber(a)redhat.com
Target Milestone: ---
Classification: Fedora
Created attachment 1724459
--> https://bugzilla.redhat.com/attachment.cgi?id=1724459&action=edit
Where is Eclipse WorkSpace Choose button
Where is Eclipse WorkSpace Choose button
https://bugzilla.redhat.com/show_bug.cgi?id=1832383
Bug ID: 1832383
Summary: Unable to build maven projects from eclipse
Product: Fedora
Version: 32
Status: NEW
Component: eclipse-m2e-core
Severity: high
Assignee: mat.booth(a)redhat.com
Reporter: danielsun3164(a)gmail.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org, gerard(a)ryan.lt,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Created attachment 1685783
--> https://bugzilla.redhat.com/attachment.cgi?id=1685783&action=edit
Eclipse metadata/.log
Description of problem:
Unable to build maven projects from eclipse
Version-Release number of selected component (if applicable):
$ rpm -q eclipse-jdt eclipse-m2e-core maven-archetype-common maven-artifact-transfer
eclipse-jdt-4.15-5.module_f32+8555+6b76193d.noarch
eclipse-m2e-core-1.15.0-3.module_f32+8482+8510b2e7.noarch
maven-archetype-common-3.1.1-1.module_f32+8422+d2b9781b.noarch
maven-artifact-transfer-0.11.0-2.fc32.noarch
How reproducible:
Every time
Steps to Reproduce:
1. Open Eclipse.
2. Try to create a new maven project or build an existing maven project
3.
Actual results:
An error dialog will be displayed.
Expected results:
Maven projects should be built or created successfully.
Additional info:
According to https://bugzilla.redhat.com/show_bug.cgi?id=1704981 , updating
"maven-archetype-common" from "3.1.1" to "3.1.2" could solve this problem, but
I cannot find the maven-archetype-common-3.1.2 package anywhere.
https://bugzilla.redhat.com/show_bug.cgi?id=1891133
Bug ID: 1891133
Summary: CVE-2020-27216 jetty: local temporary directory
hijacking vulnerability [fedora-all]
Product: Fedora
Version: 32
Status: NEW
Component: jetty
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: mat.booth(a)redhat.com
Reporter: gsuckevi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jjohnstn(a)redhat.com, krzysztof.daniel(a)gmail.com,
mat.booth(a)redhat.com, mizdebsk(a)redhat.com,
sochotni(a)redhat.com
Target Milestone: ---
Classification: Fedora
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.