java-sig-commits March 2019

java-sig-commits@lists.fedoraproject.org

1 participants
183 discussions

[Bug 1663907] New: CVE-2018-20535 nasm: Use-after-free at asm/preproc.c resulting in a denial of service
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1663907 Bug ID: 1663907 Summary: CVE-2018-20535 nasm: Use-after-free at asm/preproc.c resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=low,public=20181118,reported=20181228,source=cv e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A :L,cwe=CWE-416,fedora-all/nasm=affected,rhel-5/nasm=ne w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other A use-after-free vulnerability was found in nasm. A specially crafted file could cause the application to crash. Upstream issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392530 -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1663906] New: CVE-2018-1000886 nasm: Buffer overflow in asm/stdscan.c:130 resulting in a denial of service
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1663906 Bug ID: 1663906 Summary: CVE-2018-1000886 nasm: Buffer overflow in asm/stdscan.c:130 resulting in a denial of service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=low,public=20180906,reported=20181221,source=cv e,cvss3=3.3/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A :L,cwe=CWE-122,fedora-all/nasm=affected,rhel-5/nasm=ne w,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other A buffer overflow vulnerability was found in nasm. A specially crafted file could trigger endless macro generation and cause the application to crash. Upstream issue: https://bugzilla.nasm.us/show_bug.cgi?id=3392514 -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1663909] New: CVE-2018-1000886 CVE-2018-20535 CVE-2018-20538 nasm: various flaws [fedora-all]
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1663909 Bug ID: 1663909 Summary: CVE-2018-1000886 CVE-2018-20535 CVE-2018-20538 nasm: various flaws [fedora-all] Product: Fedora Version: 29 Status: NEW Component: nasm Keywords: Security, SecurityTracking Severity: low Priority: low Assignee: mizdebsk(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 7

[Bug 1670704] New: CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service.
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1670704 Bug ID: 1670704 Summary: CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service. Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=moderate,public=20190101,reported=20190129,sour ce=cve,cvss3=6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/ I:N/A:H,cwe=CWE-400,fedora-all/nasm=affected,rhel-5/na sm=new,rhel-6/nasm=new,rhel-7/nasm=new,rhel-8/nasm=new Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: darunesh(a)redhat.com CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, nickc(a)redhat.com Target Milestone: --- Classification: Other A buffer over-read exists in the function crc64ib in crc64.c in nasmlib in Netwide Assembler (NASM) 2.14rc16. A crafted asm input can cause segmentation faults, leading to denial-of-service. References: https://bugzilla.nasm.us/show_bug.cgi?id=3392544 -- You are receiving this mail because: You are on the CC list for the bug.

1 8

[Bug 1670705] New: CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service. [fedora-all]
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1670705 Bug ID: 1670705 Summary: CVE-2019-7147 nasm: Buffer over-read in function crc64ib in crc64.c resulting in denial of service. [fedora-all] Product: Fedora Version: 29 Status: NEW Component: nasm Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: mizdebsk(a)redhat.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dominik(a)greysector.net, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 7

[Bug 1689874] New: CVE-2019-1003029 jenkins-script-security-plugin: jenkins-plugin-script-security: sandbox bypass in script security plugin [fedora-all]
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1689874 Bug ID: 1689874 Summary: CVE-2019-1003029 jenkins-script-security-plugin: jenkins-plugin-script-security: sandbox bypass in script security plugin [fedora-all] Product: Fedora Version: 29 Status: NEW Component: jenkins-script-security-plugin Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: msrb(a)redhat.com Reporter: darunesh(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1670291] New: groovy-sandbox: jenkins-plugin-workflow-cps: Sandbox Bypass in Groovy Plugin (SECURITY-1293) [fedora-all]
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1670291 Bug ID: 1670291 Summary: groovy-sandbox: jenkins-plugin-workflow-cps: Sandbox Bypass in Groovy Plugin (SECURITY-1293) [fedora-all] Product: Fedora Version: 29 Status: NEW Component: groovy-sandbox Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: msrb(a)redhat.com Reporter: sfowler(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 7

[Bug 1685179] New: CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10 commands resulting in a Denial of Service
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1685179 Bug ID: 1685179 Summary: CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10 commands resulting in a Denial of Service Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=important,public=20190301,reported=20190301,sou rce=oss-security,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI: N/S:U/C:N/I:N/A:H,cwe=CWE-20,fedora-all/qpid-java=affe cted,mrg-m-3/qpid-java=notaffected Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: anemec(a)redhat.com CC: esammons(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jross(a)redhat.com, mcressma(a)redhat.com, messaging-bugs(a)redhat.com, puntogil(a)libero.it, rrajasek(a)redhat.com Target Milestone: --- Classification: Other A Denial of Service vulnerability was found in Apache Qpid Broker-J versions 6.0.0-7.0.6 (inclusive) and 7.1.0 which allows an unauthenticated attacker to crash the broker instance by sending specially crafted commands using AMQP protocol versions below 1.0 (AMQP 0-8, 0-9, 0-91 and 0-10). Upstream issue: https://issues.apache.org/jira/browse/QPID-8273 References: https://seclists.org/oss-sec/2019/q1/152 -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1685180] New: CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10 commands resulting in a Denial of Service [fedora-all]
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1685180 Bug ID: 1685180 Summary: CVE-2019-0200 qpid-java: Malformed AMQP 0-8 to 0-10 commands resulting in a Denial of Service [fedora-all] Product: Fedora Version: 29 Status: NEW Component: qpid-java Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: puntogil(a)libero.it Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1684557] New: CVE-2019-1003024 jenkins-script-security-plugin: jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1320) [fedora-all]
by bugzilla＠redhat.com 27 Nov '19

27 Nov '19

https://bugzilla.redhat.com/show_bug.cgi?id=1684557 Bug ID: 1684557 Summary: CVE-2019-1003024 jenkins-script-security-plugin: jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1320) [fedora-all] Product: Fedora Version: 29 Status: NEW Component: jenkins-script-security-plugin Keywords: Security, SecurityTracking Severity: high Priority: high Assignee: msrb(a)redhat.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of fedora-all. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. -- You are receiving this mail because: You are on the CC list for the bug.

1 5

← Newer
1
2
3
4
5
6
7
...
19
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits March 2019