https://bugzilla.redhat.com/show_bug.cgi?id=1439284
Bug ID: 1439284
Summary: Jenkins is build with dom4j 1.6.1-27 but 2.0.0-1 is
installed
Product: Fedora
Version: rawhide
Component: jenkins
Severity: urgent
Assignee: msrb(a)redhat.com
Reporter: dhill(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Description of problem:
Jenkins is build with dom4j 1.6.1-27 but 2.0.0-1 is installed
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
1. Update to latest dom4j
2.
3.
Actual results:
Breaks jenkins
Expected results:
Doesn't break jenkins.
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1451202
Bug ID: 1451202
Summary: Please add logrotate file to Jenkins
Product: Fedora
Version: rawhide
Component: jenkins
Severity: low
Assignee: msrb(a)redhat.com
Reporter: metonymy(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Please add the logrotate from ansible to the jenkins package.
For details see: https://pagure.io/fedora-infrastructure/issue/6010
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1468722
Bug ID: 1468722
Summary: Latest jenkins update breaks jenkins startup
Product: Fedora
Version: rawhide
Component: jenkins
Severity: low
Assignee: msrb(a)redhat.com
Reporter: dhill(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Description of problem:
Latest jenkins update breaks jenkins startup and deleting the broken symlink
/usr/share/jenkins/webroot/WEB-INF/lib/jnr-posix.jar solves the issue:
java.io.FileNotFoundException:
/usr/share/jenkins/webroot/WEB-INF/lib/jnr-posix.jar (No such file or
directory)
at java.io.FileInputStream.open0(Native Method)
at java.io.FileInputStream.open(FileInputStream.java:195)
at java.io.FileInputStream.<init>(FileInputStream.java:138)
at
org.eclipse.jetty.util.resource.FileResource.getInputStream(FileResource.java:286)
at org.eclipse.jetty.webapp.JarScanner.matched(JarScanner.java:151)
at
org.eclipse.jetty.util.PatternMatcher.matchPatterns(PatternMatcher.java:100)
at org.eclipse.jetty.util.PatternMatcher.match(PatternMatcher.java:82)
at org.eclipse.jetty.webapp.JarScanner.scan(JarScanner.java:84)
at
org.eclipse.jetty.webapp.MetaInfConfiguration.preConfigure(MetaInfConfiguration.java:84)
at
org.eclipse.jetty.webapp.WebAppContext.preConfigure(WebAppContext.java:457)
at
winstone.HostConfiguration$1.preConfigure(HostConfiguration.java:166)
at
org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:493)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
at
org.eclipse.jetty.server.handler.HandlerWrapper.doStart(HandlerWrapper.java:95)
at org.eclipse.jetty.server.Server.doStart(Server.java:282)
at
org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:64)
at winstone.Launcher.<init>(Launcher.java:152)
at winstone.Launcher.main(Launcher.java:352)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at Main._main(Main.java:290)
at Main.main(Main.java:104)
Version-Release number of selected component (if applicable):
How reproducible:
Don't know
Steps to Reproduce:
1. Update
2.
3.
Actual results:
Jenkins didn't restart
Expected results:
Jenkins should restart
Additional info:
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1444418
Bug ID: 1444418
Summary: CVE-2017-3586 CVE-2017-3589 mysql-connector-java:
various flaws [fedora-all]
Product: Fedora
Version: 25
Component: mysql-connector-java
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: puntogil(a)libero.it
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: hhorak(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it, xjakub(a)fi.muni.cz
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1515065
Bug ID: 1515065
Summary: jenkins: Arbitrary shell command execution on master
by users with Agent-related permissions (SECURITY-478)
[fedora-all]
Product: Fedora
Version: 27
Component: jenkins
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: msrb(a)redhat.com
Reporter: mknowles(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1516794
Bug ID: 1516794
Summary: CVE-2017-1000391 CVE-2017-1000392 jenkins: various
flaws [fedora-all]
Product: Fedora
Version: 27
Component: jenkins
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: msrb(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1516989
Bug ID: 1516989
Summary: CVE-2017-5532 CVE-2017-5533 jasperreports: various
flaws [fedora-all]
Product: Fedora
Version: 27
Component: jasperreports
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: puntogil(a)libero.it
Reporter: psampaio(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
lef(a)fedoraproject.org, puntogil(a)libero.it
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1522903
Bug ID: 1522903
Summary: jenkins: Stored XSS vulnerability in tool names
exploitable by administrators (SECURITY-624)
[fedora-all]
Product: Fedora
Version: 27
Component: jenkins
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: msrb(a)redhat.com
Reporter: amaris(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1524541
Bug ID: 1524541
Summary: CVE-2017-17383 jenkins: XSS via a crafted tool name in
a job configuration form [fedora-all]
Product: Fedora
Version: 27
Component: jenkins
Keywords: Security, SecurityTracking
Severity: low
Priority: low
Assignee: msrb(a)redhat.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1524586
Bug ID: 1524586
Summary: CVE-2016-4216 xmpcore: XXE resulting in information
disclosure [fedora-all]
Product: Fedora
Version: 27
Component: xmpcore
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: puntogil(a)libero.it
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: cedric.olivier(a)free.fr,
java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
--
You are receiving this mail because:
You are on the CC list for the bug.