java-sig-commits June 2019

java-sig-commits@lists.fedoraproject.org

1 participants
279 discussions

[Bug 1663016] New: OpenNLP 1.9.1 available
by bugzilla＠redhat.com 24 Nov '20

24 Nov '20

https://bugzilla.redhat.com/show_bug.cgi?id=1663016 Bug ID: 1663016 Summary: OpenNLP 1.9.1 available Product: Fedora Version: 29 Hardware: x86_64 OS: Linux Status: NEW Component: opennlp Severity: low Assignee: puntogil(a)libero.it Reporter: edgar.hoch(a)ims.uni-stuttgart.de QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, puntogil(a)libero.it Target Milestone: --- Classification: Fedora Created attachment 1518001 --> https://bugzilla.redhat.com/attachment.cgi?id=1518001&action=edit opennlp.spec for 1.9.1 Description of problem: OpenNLP package distributed by Fedora 29 is more that four years old. Current OpenNLP version is 1.9.1. I have used the spec file of opennlp-1.5.3-7.fc29 and modified it until mock creates packages for version 1.9.1. It may be that it can be more optimized. It would be nice if someone could check it and creates updated packages for the public. Version-Release number of selected component (if applicable): opennlp-1.5.3-7.fc29.noarch -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1701227] New: jenkins: FTBFS in Fedora rawhide
by bugzilla＠redhat.com 24 Nov '20

24 Nov '20

https://bugzilla.redhat.com/show_bug.cgi?id=1701227 Bug ID: 1701227 Summary: jenkins: FTBFS in Fedora rawhide Product: Fedora Version: rawhide URL: http://apps.fedoraproject.org/koschei/package/jenkins Status: NEW Component: jenkins Assignee: msrb(a)redhat.com Reporter: mizdebsk(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, msrb(a)redhat.com Blocks: 1700317 (F31FTBFS) Target Milestone: --- Classification: Fedora Description of problem: Package jenkins fails to build from source in Fedora rawhide. Version-Release number of selected component (if applicable): 1.651.3-10.fc30 Steps to Reproduce: koji build --scratch f31 jenkins-1.651.3-10.fc30.src.rpm Additional info: This package is tracked by Koschei. See: http://apps.fedoraproject.org/koschei/package/jenkins Referenced Bugs: https://bugzilla.redhat.com/show_bug.cgi?id=1700317 [Bug 1700317] Fedora 31 FTBFS Tracker -- You are receiving this mail because: You are on the CC list for the bug.

1 18

[Bug 1710259] New: os-maven-plugin-1.6.2 is available
by bugzilla＠redhat.com 04 Sep '20

04 Sep '20

https://bugzilla.redhat.com/show_bug.cgi?id=1710259 Bug ID: 1710259 Summary: os-maven-plugin-1.6.2 is available Product: Fedora Version: rawhide Status: NEW Component: os-maven-plugin Keywords: FutureFeature, Triaged Assignee: decathorpe(a)gmail.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: ctubbsii(a)fedoraproject.org, decathorpe(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Latest upstream release: 1.6.2 Current version/release in rawhide: 1.2.3-11.fc30 URL: https://github.com/trustin/os-maven-plugin/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/8999/ -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1699692] New: apache-commons-lang3-3.9 is available
by bugzilla＠redhat.com 18 Aug '20

18 Aug '20

https://bugzilla.redhat.com/show_bug.cgi?id=1699692 Bug ID: 1699692 Summary: apache-commons-lang3-3.9 is available Product: Fedora Version: rawhide Status: NEW Component: apache-commons-lang3 Keywords: FutureFeature, Triaged Assignee: stuart(a)gathman.org Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, stuart(a)gathman.org Target Milestone: --- Classification: Fedora Latest upstream release: 3.9 Current version/release in rawhide: 3.8.1-3.fc30 URL: http://archive.apache.org/dist/commons/lang/source/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/76/ -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1709770] New: apache-ivy-2.5.0-rc1 is available
by bugzilla＠redhat.com 16 Aug '20

16 Aug '20

https://bugzilla.redhat.com/show_bug.cgi?id=1709770 Bug ID: 1709770 Summary: apache-ivy-2.5.0-rc1 is available Product: Fedora Version: rawhide Status: NEW Component: apache-ivy Keywords: FutureFeature, Triaged Assignee: stewardship-sig(a)lists.fedoraproject.org Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: java-sig-commits(a)lists.fedoraproject.org, jjelen(a)redhat.com, lkundrak(a)v3.sk, mizdebsk(a)redhat.com, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora Latest upstream release: 2.5.0-rc1 Current version/release in rawhide: 2.4.0-16.fc30 URL: http://ant.apache.org/ivy/ Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/14014/ -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1713468] New: CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server.
by bugzilla＠redhat.com 28 Jul '20

28 Jul '20

https://bugzilla.redhat.com/show_bug.cgi?id=1713468 Bug ID: 1713468 Summary: CVE-2019-12086 jackson-databind: polymorphic typing issue allows attacker to read arbitrary local files on the server. Product: Security Response Hardware: All OS: Linux Status: NEW Whiteboard: impact=moderate,public=20190514,reported=20190518,sour ce=cve,cvss3=7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/ I:N/A:N,cwe=CWE-502->CWE-200,fuse-6/jackson-databind=n ew,fuse-7/jackson-databind=new,eap-7/jackson-databind= new,rhdm-7/jackson-databind=new,rhpam-7/jackson-databi nd=new,rhscl-3/rh-maven35-jackson-databind=new,openshi ft-enterprise-3/jackson-databind=new,rhn_satellite_6/j ackson-databind=new,vertx-3/jackson-databind=new,rhsso -7/jackson-databind=new,rhmap-4/jackson-databind=new,b pms-6/jackson-databind=new,swarm-7/jackson-databind=ne w,amq-6/jackson-databind=new,amq-st/jackson-databind=n ew,fedora-all/jackson-databind=affected,rhel-8/pki-dep s:10.6/jackson-databind=new,openstack-10/opendaylight= new,openstack-13/opendaylight=new,openstack-14/openday light=new,openstack-8/opendaylight=new,openstack-9/ope ndaylight=new Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team(a)redhat.com Reporter: msiddiqu(a)redhat.com CC: ahardin(a)redhat.com, aileenc(a)redhat.com, akoufoud(a)redhat.com, alazarot(a)redhat.com, almorale(a)redhat.com, anstephe(a)redhat.com, ataylor(a)redhat.com, avibelli(a)redhat.com, bbuckingham(a)redhat.com, bcourt(a)redhat.com, bgeorges(a)redhat.com, bkearney(a)redhat.com, bleanhar(a)redhat.com, bmaxwell(a)redhat.com, btotty(a)redhat.com, cbyrne(a)redhat.com, ccoleman(a)redhat.com, cdewolf(a)redhat.com, chazlett(a)redhat.com, cmacedo(a)redhat.com, csutherl(a)redhat.com, darran.lofthouse(a)redhat.com, dbecker(a)redhat.com, dedgar(a)redhat.com, dffrench(a)redhat.com, dosoudil(a)redhat.com, drieden(a)redhat.com, drusso(a)redhat.com, eparis(a)redhat.com, etirelli(a)redhat.com, hhorak(a)redhat.com, hhudgeon(a)redhat.com, ibek(a)redhat.com, janstey(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, jawilson(a)redhat.com, jbalunas(a)redhat.com, jgoulding(a)redhat.com, jjoyce(a)redhat.com, jkurik(a)redhat.com, jmadigan(a)redhat.com, jochrist(a)redhat.com, jokerman(a)redhat.com, jorton(a)redhat.com, jpallich(a)redhat.com, jschluet(a)redhat.com, jshepherd(a)redhat.com, kbasil(a)redhat.com, krathod(a)redhat.com, kverlaen(a)redhat.com, lef(a)fedoraproject.org, lgao(a)redhat.com, lhh(a)redhat.com, lpeer(a)redhat.com, lpetrovi(a)redhat.com, lthon(a)redhat.com, lzap(a)redhat.com, mat.booth(a)redhat.com, mburns(a)redhat.com, mchappel(a)redhat.com, mhulan(a)redhat.com, mkolesni(a)redhat.com, mmccune(a)redhat.com, mnovotny(a)redhat.com, mszynkie(a)redhat.com, ngough(a)redhat.com, paradhya(a)redhat.com, pdrozd(a)redhat.com, pgallagh(a)redhat.com, pgier(a)redhat.com, ppenicka(a)redhat.com, psakar(a)redhat.com, pslavice(a)redhat.com, psotirop(a)redhat.com, puntogil(a)libero.it, pwright(a)redhat.com, rchan(a)redhat.com, rhcs-maint(a)redhat.com, rjerrido(a)redhat.com, rnetuka(a)redhat.com, rrajasek(a)redhat.com, rruss(a)redhat.com, rsvoboda(a)redhat.com, rsynek(a)redhat.com, sclewis(a)redhat.com, scohen(a)redhat.com, sdaley(a)redhat.com, slinaber(a)redhat.com, sthorger(a)redhat.com, tbrisker(a)redhat.com, tom.jenkinson(a)redhat.com, trepel(a)redhat.com, trogers(a)redhat.com, twalsh(a)redhat.com, vtunka(a)redhat.com Target Milestone: --- Classification: Other A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. Upstream patch: https://github.com/FasterXML/jackson-databind/commit/dda513bd7251b4f32b7b60… Upstream issue: https://github.com/FasterXML/jackson-databind/issues/2326 References: https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.9 https://issues.jboss.org/browse/RESTEASY-2248 http://russiansecurity.expert/2016/04/20/mysql-connect-file-read/ https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-yo… -- You are receiving this mail because: You are on the CC list for the bug.

1 62

[Bug 1664731] New: CVE-2018-20433 c3p0: XML external entity processing in extractXmlConfigFromInputStream [epel-7]
by bugzilla＠redhat.com 05 Jul '20

05 Jul '20

https://bugzilla.redhat.com/show_bug.cgi?id=1664731 Bug ID: 1664731 Summary: CVE-2018-20433 c3p0: XML external entity processing in extractXmlConfigFromInputStream [epel-7] Product: Fedora EPEL Version: epel7 Status: NEW Component: c3p0 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: dingyichen(a)gmail.com Reporter: anemec(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: dingyichen(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, lef(a)fedoraproject.org, mat.booth(a)redhat.com Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-7. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1709862] New: CVE-2019-5427 c3p0: loading XML configuration leads to denial of service [epel-7]
by bugzilla＠redhat.com 05 Jul '20

05 Jul '20

https://bugzilla.redhat.com/show_bug.cgi?id=1709862 Bug ID: 1709862 Summary: CVE-2019-5427 c3p0: loading XML configuration leads to denial of service [epel-7] Product: Fedora EPEL Version: epel7 Status: NEW Component: c3p0 Keywords: Security, SecurityTracking Severity: medium Priority: medium Assignee: dingyichen(a)gmail.com Reporter: msiddiqu(a)redhat.com QA Contact: extras-qa(a)fedoraproject.org CC: decathorpe(a)gmail.com, dingyichen(a)gmail.com, java-sig-commits(a)lists.fedoraproject.org, lef(a)fedoraproject.org, mat.booth(a)redhat.com, stewardship-sig(a)lists.fedoraproject.org Target Milestone: --- Classification: Fedora This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of epel-7. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1678877] New: slf4j-1.7.26 is available
by bugzilla＠redhat.com 08 Jun '20

08 Jun '20

https://bugzilla.redhat.com/show_bug.cgi?id=1678877 Bug ID: 1678877 Summary: slf4j-1.7.26 is available Product: Fedora Version: rawhide Status: NEW Component: slf4j Keywords: FutureFeature, Triaged Assignee: extras-orphan(a)fedoraproject.org Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: extras-orphan(a)fedoraproject.org, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 1.7.26 Current version/release in rawhide: 1.7.25-6.fc30 URL: http://www.slf4j.org/download.html Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/4831/ -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1670199] New: plexus-containers-2.0.0 is available
by bugzilla＠redhat.com 08 Jun '20

08 Jun '20

https://bugzilla.redhat.com/show_bug.cgi?id=1670199 Bug ID: 1670199 Summary: plexus-containers-2.0.0 is available Product: Fedora Version: rawhide Status: NEW Component: plexus-containers Keywords: FutureFeature, Triaged Assignee: mizdebsk(a)redhat.com Reporter: upstream-release-monitoring(a)fedoraproject.org QA Contact: extras-qa(a)fedoraproject.org CC: dbhole(a)redhat.com, fnasser(a)redhat.com, java-sig-commits(a)lists.fedoraproject.org, mizdebsk(a)redhat.com, yyang(a)redhat.com Target Milestone: --- Classification: Fedora Latest upstream release: 2.0.0 Current version/release in rawhide: 1.7.1-8.fc29 URL: https://github.com/codehaus-plexus/plexus-containers Please consult the package updates policy before you issue an update to a stable branch: https://fedoraproject.org/wiki/Updates_Policy More information about the service that created this bug can be found at: https://fedoraproject.org/wiki/Upstream_release_monitoring Please keep in mind that with any upstream change, there may also be packaging changes that need to be made. Specifically, please remember that it is your responsibility to review the new version to ensure that the licensing is still correct and that no non-free or legally problematic items have been added upstream. Based on the information from anitya: https://release-monitoring.org/project/3668/ -- You are receiving this mail because: You are on the CC list for the bug.

1 3

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

java-sig-commits June 2019