https://bugzilla.redhat.com/show_bug.cgi?id=1381310
Bug ID: 1381310
Summary: glassfish-servlet-api: 4.0.0-b01 is available
Product: Fedora
Version: rawhide
Component: glassfish-servlet-api
Assignee: davidx(a)fedoraproject.org
Reporter: puntogil(a)libero.it
QA Contact: extras-qa(a)fedoraproject.org
CC: davidx(a)fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it
Upstream released axiom 4.0.0-b01.
Currently, we still have version 3.1.0-11.fc25 in Rawhide.
URL: https://svn.java.net/svn/glassfish~svn/tags/javax.servlet-api-4.0.0-b01
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1395997
Bug ID: 1395997
Summary: jenkins-extras-memory-monitor: FTBFS in Fedora Rawhide
Product: Fedora
Version: rawhide
Component: jenkins-extras-memory-monitor
Assignee: msrb(a)redhat.com
Reporter: mizdebsk(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Description of problem:
Package jenkins-extras-memory-monitor fails to build from source in Fedora
Rawhide.
The build uses the deprecated "attached" goal of maven-assembly-plugin, which was
removed in version 3.0.0. See:
https://maven.apache.org/components/plugins-archives/maven-assembly-plugin-…
Version-Release number of selected component (if applicable):
1.9-3.fc24
Steps to Reproduce:
koji build --scratch f26 jenkins-extras-memory-monitor-1.9-3.fc24.src.rpm
Additional info:
This package is tracked by Koschei. See:
http://apps.fedoraproject.org/koschei/package/jenkins-extras-memory-monitor
https://bugzilla.redhat.com/show_bug.cgi?id=1397462
Bug ID: 1397462
Summary: littleproxy-1.1.0 is available
Product: Fedora
Version: rawhide
Component: littleproxy
Assignee: puntogil(a)libero.it
Reporter: puntogil(a)libero.it
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it
Latest upstream release: 1.1.0
Current version/release in rawhide: 0.5.3-3.fc25
URL: https://github.com/adamfisk/LittleProxy/tags
gradle 3.1 BuildRequires
https://bugzilla.redhat.com/show_bug.cgi?id=1298915
Bug ID: 1298915
Summary: fop-2.1 is available
Product: Fedora
Version: rawhide
Component: fop
Keywords: FutureFeature, Triaged
Assignee: r.landmann(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: c.david86(a)gmail.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msimacek(a)redhat.com,
msrb(a)redhat.com, rhbugs(a)n-dimensional.de,
r.landmann(a)redhat.com
Latest upstream release: 2.1
Current version/release in rawhide: 2.0-2.fc24
URL: http://archive.apache.org/dist/xmlgraphics/fop/source/
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
https://bugzilla.redhat.com/show_bug.cgi?id=1238245
Bug ID: 1238245
Summary: maven-ear-plugin-2.10.1 is available
Product: Fedora
Version: rawhide
Component: maven-ear-plugin
Keywords: FutureFeature, Triaged
Assignee: huwang(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: huwang(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org
Latest upstream release: 2.10.1
Current version/release in rawhide: 2.10-2.fc23
URL: http://repo2.maven.org/maven2/org/apache/maven/plugins/maven-ear-plugin/
https://bugzilla.redhat.com/show_bug.cgi?id=1291292
Bug ID: 1291292
Summary: CVE-2015-5254 activemq: unsafe deserialization
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: mprpic(a)redhat.com
CC: abhgupta(a)redhat.com, agrimm(a)redhat.com,
aileenc(a)redhat.com, ccoleman(a)redhat.com,
chazlett(a)redhat.com, dmcphers(a)redhat.com,
gvarsami(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jcoleman(a)redhat.com, jialiu(a)redhat.com,
joelsmith(a)redhat.com, jokerman(a)redhat.com,
kconner(a)redhat.com, kseifried(a)redhat.com,
ldimaggi(a)redhat.com, lmeyer(a)redhat.com,
mmccomas(a)redhat.com, nwallace(a)redhat.com,
pavelp(a)redhat.com, puntogil(a)libero.it,
rwagner(a)redhat.com,
soa-p-jira(a)post-office.corp.redhat.com, s(a)shk.io,
tcunning(a)redhat.com, tdawson(a)redhat.com,
tiwillia(a)redhat.com, tkirby(a)redhat.com
JMS Object messages depend on Java Serialization for marshaling/unmarshaling of
the message payload. There are a couple of places inside the broker where
deserialization can occur, like web console or stomp object message
transformation. As deserialization of untrusted data can lead to security
flaws as demonstrated in various reports, this leaves the broker vulnerable to
this attack vector. Additionally, applications that consume ObjectMessage type
of messages can be vulnerable as they deserialize objects on
ObjectMessage.getObject() calls.
This issue was fixed upstream in Apache ActiveMQ 5.13.0. Additionally, when
using ObjectMessage message type, you need to explicitly list trusted packages.
To see how to do that, please take a look at:
http://activemq.apache.org/objectmessage.html
External References:
http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcem…
https://bugzilla.redhat.com/show_bug.cgi?id=1340386
Bug ID: 1340386
Summary: CVE-2016-4434 tika: XML External Entity vulnerability
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: alazarot(a)redhat.com, aszczucz(a)redhat.com,
bdawidow(a)redhat.com, bgollahe(a)redhat.com,
bkearney(a)redhat.com, brms-jira(a)redhat.com,
chazlett(a)redhat.com, epp-bugs(a)redhat.com,
etirelli(a)redhat.com, felias(a)redhat.com,
hchiorea(a)redhat.com, hfnukal(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jcoleman(a)redhat.com, jolee(a)redhat.com,
jpallich(a)redhat.com, kanderso(a)redhat.com,
lpetrovi(a)redhat.com, mbaluch(a)redhat.com,
meissner(a)suse.de, mweiler(a)redhat.com,
mwinkler(a)redhat.com, nwallace(a)redhat.com,
ohudlick(a)redhat.com, pavelp(a)redhat.com,
puntogil(a)libero.it, rrajasek(a)redhat.com,
rzhang(a)redhat.com, rzima(a)redhat.com, taw(a)redhat.com,
theute(a)redhat.com, thomas(a)suse.de,
tkasparek(a)redhat.com, tkirby(a)redhat.com,
tlestach(a)redhat.com, vhalbert(a)redhat.com
Apache Tika parses XML within numerous file formats. In some instances, such
as spreadsheets in OOXML files, XMP in PDF, and other file formats, the
initialization of the XML parser or the choice of handlers did not protect
against XML External Entity (XXE) vulnerabilities.
References:
http://seclists.org/oss-sec/2016/q2/413