https://bugzilla.redhat.com/show_bug.cgi?id=1775293
Bug ID: 1775293
Summary: cve jackson-databind: default typing leads to code
execution
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
asoldano(a)redhat.com, atangrin(a)redhat.com,
ataylor(a)redhat.com, avibelli(a)redhat.com,
bbaranow(a)redhat.com, bbuckingham(a)redhat.com,
bcourt(a)redhat.com, bgeorges(a)redhat.com,
bkearney(a)redhat.com, bmaxwell(a)redhat.com,
bmontgom(a)redhat.com, brian.stansberry(a)redhat.com,
btotty(a)redhat.com, cbyrne(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
cmacedo(a)redhat.com, darran.lofthouse(a)redhat.com,
decathorpe(a)gmail.com, dffrench(a)redhat.com,
dkreling(a)redhat.com, dosoudil(a)redhat.com,
drieden(a)redhat.com, drusso(a)redhat.com,
eparis(a)redhat.com, etirelli(a)redhat.com,
ganandan(a)redhat.com, ggaughan(a)redhat.com,
hhorak(a)redhat.com, hhudgeon(a)redhat.com,
ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jburrell(a)redhat.com, jmadigan(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jorton(a)redhat.com, jpallich(a)redhat.com,
jperkins(a)redhat.com, jshepherd(a)redhat.com,
jstastny(a)redhat.com, krathod(a)redhat.com,
kverlaen(a)redhat.com, kwills(a)redhat.com,
lef(a)fedoraproject.org, lgao(a)redhat.com,
lthon(a)redhat.com, lzap(a)redhat.com,
mat.booth(a)redhat.com, mmccune(a)redhat.com,
mnovotny(a)redhat.com, msochure(a)redhat.com,
msvehla(a)redhat.com, mszynkie(a)redhat.com,
ngough(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, paradhya(a)redhat.com,
pdrozd(a)redhat.com, pgallagh(a)redhat.com,
pmackay(a)redhat.com, psotirop(a)redhat.com,
puntogil(a)libero.it, pwright(a)redhat.com,
rchan(a)redhat.com, rguimara(a)redhat.com,
rhcs-maint(a)redhat.com, rjerrido(a)redhat.com,
rrajasek(a)redhat.com, rruss(a)redhat.com,
rsvoboda(a)redhat.com, rsynek(a)redhat.com,
sdaley(a)redhat.com, smaestri(a)redhat.com,
sokeeffe(a)redhat.com, sponnaga(a)redhat.com,
stewardship-sig(a)lists.fedoraproject.org,
sthorger(a)redhat.com, swoodman(a)redhat.com,
tbrisker(a)redhat.com, tom.jenkinson(a)redhat.com,
trepel(a)redhat.com, trogers(a)redhat.com,
twalsh(a)redhat.com
Target Milestone: ---
Classification: Other
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0
through 2.9.10. When Default Typing is enabled (either globally or for a
specific property) for an externally exposed JSON endpoint and the service has
the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker
can provide a JNDI service to access, it is possible to make the service
execute a malicious payload.
Reference:
https://github.com/FasterXML/jackson-databind/issues/2498
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1718627
Bug ID: 1718627
Summary: jenkins-ssh-slaves-plugin-1.30.0 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jenkins-ssh-slaves-plugin
Keywords: FutureFeature, Triaged
Assignee: msrb(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.30.0
Current version/release in rawhide: 1.10-3.fc24
URL: https://wiki.jenkins-ci.org/display/JENKINS/SSH+Slaves+plugin
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/6320/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1715359
Bug ID: 1715359
Summary: jenkins-antisamy-markup-formatter-plugin-1.5 is
available
Product: Fedora
Version: rawhide
Status: NEW
Component: jenkins-antisamy-markup-formatter-plugin
Keywords: FutureFeature, Triaged
Assignee: msrb(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.5
Current version/release in rawhide: 1.3-2.fc24
URL: https://github.com/jenkinsci/antisamy-markup-formatter-plugin
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/6336/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1686872
Bug ID: 1686872
Summary: jenkins-ssh-credentials-plugin-1.15 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jenkins-ssh-credentials-plugin
Keywords: FutureFeature, Triaged
Assignee: msrb(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.15
Current version/release in rawhide: 1.11-4.fc24
URL: https://wiki.jenkins-ci.org/display/JENKINS/SSH+Credentials+Plugin
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/6328/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1686062
Bug ID: 1686062
Summary: jenkins-matrix-project-plugin-1.14 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jenkins-matrix-project-plugin
Keywords: FutureFeature, Triaged
Assignee: msrb(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.14
Current version/release in rawhide: 1.6-2.fc24
URL: https://github.com/jenkinsci/matrix-project-plugin
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/6112/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1685682
Bug ID: 1685682
Summary: jenkins-javadoc-plugin-1.5 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jenkins-javadoc-plugin
Keywords: FutureFeature, Triaged
Assignee: msrb(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.5
Current version/release in rawhide: 1.3-4.fc24
URL: https://wiki.jenkins-ci.org/display/JENKINS/Javadoc+Plugin
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/6314/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1672856
Bug ID: 1672856
Summary: jenkins-ssh-cli-auth-1.5 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jenkins-ssh-cli-auth
Keywords: FutureFeature, Triaged
Assignee: msrb(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 1.5
Current version/release in rawhide: 1.2-8.fc24
URL: https://github.com/jenkinsci/ssh-cli-auth-module
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/6321/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1672740
Bug ID: 1672740
Summary: jenkins-sshd-2.6 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jenkins-sshd
Keywords: FutureFeature, Triaged
Assignee: msrb(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com, msrb(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 2.6
Current version/release in rawhide: 1.6-7.fc24
URL: https://github.com/jenkinsci/sshd-module
Please consult the package updates policy before you issue an update to a
stable branch: https://fedoraproject.org/wiki/Updates_Policy
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/6327/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1690417
Bug ID: 1690417
Summary: Newer version of plantuml available 1.2019.3
Product: Fedora
Version: rawhide
Hardware: All
OS: All
Status: NEW
Component: plantuml
Severity: medium
Assignee: jsafrane(a)redhat.com
Reporter: elavarde(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org,
jsafrane(a)redhat.com, puntogil(a)libero.it
Target Milestone: ---
Classification: Fedora
Description of problem:
The current packaged version of plantuml is 8033 and roughly 2 years old. Since
then there is a newer version 1.2019.3 and it would be nice to get it packaged.
Version-Release number of selected component (if applicable):
plantuml-8033-8.fc29.noarch
Additional info:
While you're packaging, two things to consider:
- the package must depend on graphviz to work (else it fails on missing `dot`)
- the Language Reference Guide should be packaged as well
--
You are receiving this mail because:
You are on the CC list for the bug.