java-sig-commits October 2019

java-sig-commits@lists.fedoraproject.org

1 participants
502 discussions

[Bug 1703402] New: CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector
by bugzilla＠redhat.com 16 Dec '20

16 Dec '20

https://bugzilla.redhat.com/show_bug.cgi?id=1703402 Bug ID: 1703402 Summary: CVE-2019-2692 mysql-connector-java: privilege escalation in MySQL connector Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=moderate,public=20190423,reported=20190424,sour ce=cve,cvss3=6.3/CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/ I:H/A:H,cwe=CWE-843,fedora-all/mysql-connector-java=no taffected,openshift-enterprise-3/mysql-connector-java= new,fsw-6/mysql-connector-java=new,fuse-7/mysql-connec tor-java=new,rhel-6/mysql-connector-java=new,rhel-7/my sql-connector-java=new,rhn_satellite_6/mysql-connector -java=new Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: darunesh(a)redhat.com CC: ahardin(a)redhat.com, aileenc(a)redhat.com, bbuckingham(a)redhat.com, bcourt(a)redhat.com, bkearney(a)redhat.com, bleanhar(a)redhat.com, btotty(a)redhat.com, ccoleman(a)redhat.com, chazlett(a)redhat.com, databases-maint(a)redhat.com, dedgar(a)redhat.com, eparis(a)redhat.com, gvarsami(a)redhat.com, hhorak(a)redhat.com, hhudgeon(a)redhat.com, janstey(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jcoleman(a)redhat.com, jgoulding(a)redhat.com, jjanco(a)redhat.com, jochrist(a)redhat.com, jokerman(a)redhat.com, kconner(a)redhat.com, ldimaggi(a)redhat.com, mchappel(a)redhat.com, mmccune(a)redhat.com, mmuzila(a)redhat.com, mschorm(a)redhat.com, nwallace(a)redhat.com, puntogil(a)libero.it, rchan(a)redhat.com, rjerrido(a)redhat.com, rwagner(a)redhat.com, steve.traylen(a)cern.ch, tcunning(a)redhat.com, tkirby(a)redhat.com, xjakub(a)fi.muni.cz Target Milestone: --- Classification: Other Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. Reference: http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html -- You are receiving this mail because: You are on the CC list for the bug.

1 10

[Bug 1758992] New: CVE-2019-16370 gradle: PGP signing plugin security bypass
by bugzilla＠redhat.com 30 Nov '20

30 Nov '20

https://bugzilla.redhat.com/show_bug.cgi?id=1758992 Bug ID: 1758992 Summary: CVE-2019-16370 gradle: PGP signing plugin security bypass Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: darunesh(a)redhat.com CC: csutherl(a)redhat.com, dan(a)danieljamesscott.org, decathorpe(a)gmail.com, gzaronik(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jclere(a)redhat.com, jjelen(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk, mbabacek(a)redhat.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, myarboro(a)redhat.com, twalsh(a)redhat.com, weli(a)redhat.com Target Milestone: --- Classification: Other The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900. Reference: https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b… https://github.com/gradle/gradle/pull/10543 -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1758994] New: CVE-2019-16370 gradle: PGP signing plugin security bypass [epel-6]
by bugzilla＠redhat.com 30 Nov '20

30 Nov '20

https://bugzilla.redhat.com/show_bug.cgi?id=1758994 Bug ID: 1758994 Summary: CVE-2019-16370 gradle: PGP signing plugin security bypass [epel-6] Product: Fedora EPEL Version: el6 Status: NEW Component: gradle Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mizdebsk(a)redhat.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dan(a)danieljamesscott.org, java-sig-commits(a)lists.fedoraproject.org, lkundrak(a)v3.sk, mizdebsk(a)redhat.com, msimacek(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-6. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1756388] New: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host
by bugzilla＠redhat.com 30 Nov '20

30 Nov '20

https://bugzilla.redhat.com/show_bug.cgi?id=1756388 Bug ID: 1756388 Summary: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: gsuckevi(a)redhat.com CC: csutherl(a)redhat.com, dan(a)danieljamesscott.org, decathorpe(a)gmail.com, gzaronik(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jclere(a)redhat.com, jjelen(a)redhat.com, lgao(a)redhat.com, lkundrak(a)v3.sk, mbabacek(a)redhat.com, mizdebsk(a)redhat.com, msimacek(a)redhat.com, myarboro(a)redhat.com, twalsh(a)redhat.com, weli(a)redhat.com Target Milestone: --- Classification: Other The HTTP client in Gradle before 5.6 sends authentication credentials originally destined for the configured host. If that host returns a 30x redirect, Gradle also sends those credentials to all subsequent hosts that the request redirects to. This is similar to CVE-2018-1000007. References: https://github.com/gradle/gradle/issues/10278 https://github.com/gradle/gradle/pull/10176 https://github.com/gradle/gradle/security/advisories/GHSA-4cwg-f7qc-6r95 -- You are receiving this mail because: You are on the CC list for the bug.

1 8

[Bug 1756390] New: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host [epel-6]
by bugzilla＠redhat.com 30 Nov '20

30 Nov '20

https://bugzilla.redhat.com/show_bug.cgi?id=1756390 Bug ID: 1756390 Summary: CVE-2019-15052 gradle: sends authentication credentials originally destined for the configured host [epel-6] Product: Fedora EPEL Version: el6 Status: NEW Component: gradle Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: mizdebsk(a)redhat.com Reporter: gsuckevi(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dan(a)danieljamesscott.org, java-sig-commits(a)lists.fedoraproject.org, lkundrak(a)v3.sk, mizdebsk(a)redhat.com, msimacek(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-6. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1767371] New: elasticsearch dependencies
by bugzilla＠redhat.com 24 Nov '20

24 Nov '20

https://bugzilla.redhat.com/show_bug.cgi?id=1767371 Bug ID: 1767371 Summary: elasticsearch dependencies Product: Fedora Version: 31 Status: NEW Component: elasticsearch Assignee: bazanluis20(a)gmail.com Reporter: mail(a)lukaszposadowski.pl QA Contact: extras-qa(a)fedoraproject.org CC: bazanluis20(a)gmail.com, bobjensen(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, jvanek(a)redhat.com, pahan(a)hubbitus.info, zbyszek(a)in.waw.pl Target Milestone: --- Classification: Fedora Description of problem: elascticsearchpackage has unmet dependencies. Version-Release number of selected component (if applicable): elasticsearch.noarch 1.7.1-3.fc24 fedora How reproducible: Steps to Reproduce: 1. dnf install elasticsearch 2. 3. Actual results: dnf install elasticsearch Last metadata expiration check: 2:08:15 ago on Thu Oct 31 08:58:08 2019. Error: Problem: conflicting requests - nothing provides mvn(org.apache.lucene:lucene-analyzers-common:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-core:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-highlighter:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-join:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-memory:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-queries:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-queryparser:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-sandbox:4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-spatial:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch - nothing provides mvn(org.apache.lucene:lucene-suggest:4.10.4) needed by elasticsearch-1.7.1-3.fc24.noarch (try to add '--skip-broken' to skip uninstallable packages) Expected results: Additional info: -- You are receiving this mail because: You are on the CC list for the bug.

1 7

[Bug 1691250] New: Upgrade snmp4j to 3.0.2
by bugzilla＠redhat.com 24 Nov '20

24 Nov '20

https://bugzilla.redhat.com/show_bug.cgi?id=1691250 Bug ID: 1691250 Summary: Upgrade snmp4j to 3.0.2 Product: Fedora Version: rawhide Status: NEW Component: snmp4j Keywords: Rebase Assignee: puntogil(a)libero.it Reporter: sbonazzo(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it Target Milestone: --- Classification: Fedora Fedora currently ships 2.4.1 (2015-12-30) while upstream released 3.0.2 (2018-10-10) -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1663016] New: OpenNLP 1.9.1 available
by bugzilla＠redhat.com 24 Nov '20

24 Nov '20

https://bugzilla.redhat.com/show_bug.cgi?id=1663016 Bug ID: 1663016 Summary: OpenNLP 1.9.1 available Product: Fedora Version: 29 Hardware: x86_64 OS: Linux Status: NEW Component: opennlp Severity: low Assignee: puntogil(a)libero.it Reporter: edgar.hoch(a)ims.uni-stuttgart.de QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it Target Milestone: --- Classification: Fedora Created attachment 1518001 --> https://bugzilla.redhat.com/attachment.cgi?id=1518001&action=edit opennlp.spec for 1.9.1 Description of problem: OpenNLP package distributed by Fedora 29 is more that four years old. Current OpenNLP version is 1.9.1. I have used the spec file of opennlp-1.5.3-7.fc29 and modified it until mock creates packages for version 1.9.1. It may be that it can be more optimized. It would be nice if someone could check it and creates updated packages for the public. Version-Release number of selected component (if applicable): opennlp-1.5.3-7.fc29.noarch -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1737002] New: zookeeper: FTBFS in Fedora rawhide/f31
by bugzilla＠redhat.com 24 Nov '20

24 Nov '20

https://bugzilla.redhat.com/show_bug.cgi?id=1737002 Bug ID: 1737002 Summary: zookeeper: FTBFS in Fedora rawhide/f31 Product: Fedora Version: rawhide Status: NEW Component: zookeeper Assignee: tstclair(a)heptio.com Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: ctubbsii(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, mluscon(a)gmail.com, s(a)shk.io, tstclair(a)heptio.com Blocks: 1732841 Target Milestone: --- Classification: Fedora zookeeper failed to build from source in Fedora rawhide/f31 https://koji.fedoraproject.org/koji/taskinfo?taskID=36638240 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Please fix zookeeper at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, zookeeper will be orphaned. Before branching of Fedora 32, zookeeper will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://fedoraproject.org/wiki/Fails_to_build_from_source Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1732841 [Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

1 20

[Bug 1737001] New: zkclient: FTBFS in Fedora rawhide/f31
by bugzilla＠redhat.com 24 Nov '20

24 Nov '20

https://bugzilla.redhat.com/show_bug.cgi?id=1737001 Bug ID: 1737001 Summary: zkclient: FTBFS in Fedora rawhide/f31 Product: Fedora Version: rawhide Status: NEW Component: zkclient Assignee: extras-orphan(a)fedoraproject.org Reporter: releng(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: extras-orphan(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it Blocks: 1732841 Target Milestone: --- Classification: Fedora zkclient failed to build from source in Fedora rawhide/f31 https://koji.fedoraproject.org/koji/taskinfo?taskID=36638239 For details on the mass rebuild see: https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Please fix zkclient at your earliest convenience and set the bug's status to ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks, zkclient will be orphaned. Before branching of Fedora 32, zkclient will be retired, if it still fails to build. For more details on the FTBFS policy, please visit: https://fedoraproject.org/wiki/Fails_to_build_from_source Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1732841 [Bug 1732841] (F31FTBFS) - Fedora 31 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

1 18

← Newer
1
2
3
4
5
6
7
...
51
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits October 2019