https://bugzilla.redhat.com/show_bug.cgi?id=1884425
Bug ID: 1884425
Summary: jackson-core-2.11.3 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jackson-core
Keywords: FutureFeature, Triaged
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
puntogil(a)libero.it, roman(a)fenkhuber.at
Target Milestone: ---
Classification: Fedora
Latest upstream release: 2.11.3
Current version/release in rawhide: 2.11.2-1.fc33
URL: https://github.com/FasterXML/jackson-core
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/10962/
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=1884424
Bug ID: 1884424
Summary: jackson-annotations-2.11.3 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: jackson-annotations
Keywords: FutureFeature, Triaged
Assignee: java-maint-sig(a)lists.fedoraproject.org
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: decathorpe(a)gmail.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
lef(a)fedoraproject.org, puntogil(a)libero.it
Target Milestone: ---
Classification: Fedora
Latest upstream release: 2.11.3
Current version/release in rawhide: 2.11.2-1.fc33
URL: https://github.com/FasterXML/jackson-annotations
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/89327/
https://bugzilla.redhat.com/show_bug.cgi?id=2022974
Bug ID: 2022974
Summary: qdox-2.0.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: qdox
Keywords: FutureFeature, Triaged
Assignee: mizdebsk(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
mizdebsk(a)redhat.com
Target Milestone: ---
Classification: Fedora
Latest upstream release: 2.0.1
Current version/release in rawhide: 2.0.0-6.fc35
URL: https://github.com/paul-hammant/qdox
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://fedoraproject.org/wiki/Upstream_release_monitoring
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from anitya:
https://release-monitoring.org/project/12832/
https://bugzilla.redhat.com/show_bug.cgi?id=1982336
Bug ID: 1982336
Summary: CVE-2021-36373 ant: excessive memory allocation when reading a specially crafted TAR archive
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: abenaiss(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, asoldano(a)redhat.com,
atangrin(a)redhat.com, bbaranow(a)redhat.com,
bibryam(a)redhat.com, bmaxwell(a)redhat.com,
bmontgom(a)redhat.com, brian.stansberry(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
darran.lofthouse(a)redhat.com, dkreling(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
eleandro(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, fjuma(a)redhat.com,
ggaughan(a)redhat.com, gmalinko(a)redhat.com,
gvarsami(a)redhat.com, hbraun(a)redhat.com,
ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com, jaromir.capik(a)email.cz,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jolee(a)redhat.com, jpallich(a)redhat.com,
jperkins(a)redhat.com, jrokos(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, ldimaggi(a)redhat.com,
lgao(a)redhat.com, loleary(a)redhat.com,
mizdebsk(a)redhat.com, mnovotny(a)redhat.com,
msochure(a)redhat.com, msrb(a)redhat.com,
msvehla(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, pantinor(a)redhat.com,
pbhattac(a)redhat.com, pjindal(a)redhat.com,
pmackay(a)redhat.com, rguimara(a)redhat.com,
rrajasek(a)redhat.com, rstancel(a)redhat.com,
rsvoboda(a)redhat.com, rwagner(a)redhat.com,
sd-operator-metering(a)redhat.com, smaestri(a)redhat.com,
spinder(a)redhat.com, sponnaga(a)redhat.com,
tcunning(a)redhat.com, tflannag(a)redhat.com,
theute(a)redhat.com, tkirby(a)redhat.com,
tom.jenkinson(a)redhat.com, tzimanyi(a)redhat.com,
vbobade(a)redhat.com, yborgess(a)redhat.com
Target Milestone: ---
Classification: Other
When reading a specially crafted TAR archive an Apache Ant build can be made to
allocate large amounts of memory that finally leads to an out of memory error,
even for small inputs. This can be used to disrupt builds using Apache Ant.
Apache Ant prior to 1.9.16 and 1.10.11 were affected.
Reference:
https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00…
https://bugzilla.redhat.com/show_bug.cgi?id=1981903
Bug ID: 1981903
Summary: CVE-2021-35517 apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: dblechte(a)redhat.com, dfediuck(a)redhat.com,
eedri(a)redhat.com, hhorak(a)redhat.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jorton(a)redhat.com, mgoldboi(a)redhat.com,
michal.skrivanek(a)redhat.com, mizdebsk(a)redhat.com,
mkoncek(a)redhat.com, sbonazzo(a)redhat.com,
sherold(a)redhat.com, SpikeFedora(a)gmail.com,
yturgema(a)redhat.com
Target Milestone: ---
Classification: Other
When reading a specially crafted TAR archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' tar package.
References:
https://commons.apache.org/proper/commons-compress/security-reports.html
https://lists.apache.org/thread.html/r605d906b710b95f1bbe0036a53ac6968f667f…
http://www.openwall.com/lists/oss-security/2021/07/13/3
https://bugzilla.redhat.com/show_bug.cgi?id=1981909
Bug ID: 1981909
Summary: CVE-2021-36090 apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: dblechte(a)redhat.com, dfediuck(a)redhat.com,
eedri(a)redhat.com, hhorak(a)redhat.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jorton(a)redhat.com, mgoldboi(a)redhat.com,
michal.skrivanek(a)redhat.com, mizdebsk(a)redhat.com,
mkoncek(a)redhat.com, sbonazzo(a)redhat.com,
sherold(a)redhat.com, SpikeFedora(a)gmail.com,
yturgema(a)redhat.com
Target Milestone: ---
Classification: Other
When reading a specially crafted ZIP archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' zip package.
References:
https://lists.apache.org/thread.html/rc4134026d7d7b053d4f9f2205531122732405…
https://commons.apache.org/proper/commons-compress/security-reports.html
http://www.openwall.com/lists/oss-security/2021/07/13/4
https://bugzilla.redhat.com/show_bug.cgi?id=1981900
Bug ID: 1981900
Summary: CVE-2021-35516 apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: dblechte(a)redhat.com, dfediuck(a)redhat.com,
eedri(a)redhat.com, hhorak(a)redhat.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jorton(a)redhat.com, mgoldboi(a)redhat.com,
michal.skrivanek(a)redhat.com, mizdebsk(a)redhat.com,
mkoncek(a)redhat.com, sbonazzo(a)redhat.com,
sherold(a)redhat.com, SpikeFedora(a)gmail.com,
yturgema(a)redhat.com
Target Milestone: ---
Classification: Other
When reading a specially crafted 7Z archive, Compress can be made to allocate
large amounts of memory that finally leads to an out of memory error even for
very small inputs. This could be used to mount a denial of service attack
against services that use Compress' sevenz package.
References:
https://commons.apache.org/proper/commons-compress/security-reports.html
https://lists.apache.org/thread.html/rf68442d67eb166f4b6cf0bbbe6c7f99098c12…
http://www.openwall.com/lists/oss-security/2021/07/13/2
https://bugzilla.redhat.com/show_bug.cgi?id=1981895
Bug ID: 1981895
Summary: CVE-2021-35515 apache-commons-compress: infinite loop when reading a specially crafted 7Z archive
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: dblechte(a)redhat.com, dfediuck(a)redhat.com,
eedri(a)redhat.com, hhorak(a)redhat.com,
java-maint-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jorton(a)redhat.com, mgoldboi(a)redhat.com,
michal.skrivanek(a)redhat.com, mizdebsk(a)redhat.com,
mkoncek(a)redhat.com, sbonazzo(a)redhat.com,
sherold(a)redhat.com, SpikeFedora(a)gmail.com,
yturgema(a)redhat.com
Target Milestone: ---
Classification: Other
When reading a specially crafted 7Z archive, the construction of the list of
codecs that decompress an entry can result in an infinite loop. This could be
used to mount a denial of service attack against services that use Compress'
sevenz package.
References:
https://commons.apache.org/proper/commons-compress/security-reports.html
https://lists.apache.org/thread.html/r19ebfd71770ec0617a9ea180e321ef927b3fe…
http://www.openwall.com/lists/oss-security/2021/07/13/1
https://bugzilla.redhat.com/show_bug.cgi?id=1987678
Bug ID: 1987678
Summary: lucene: FTBFS in Fedora rawhide/f35
Product: Fedora
Version: rawhide
Status: NEW
Component: lucene
Assignee: akurtako(a)redhat.com
Reporter: releng(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: akurtako(a)redhat.com, dbhole(a)redhat.com,
dchen(a)redhat.com, eclipse-sig(a)lists.fedoraproject.org,
java-sig-commits(a)lists.fedoraproject.org,
jerboaa(a)gmail.com, krzysztof.daniel(a)gmail.com,
lef(a)fedoraproject.org, rgrunber(a)redhat.com
Blocks: 1927309 (F35FTBFS,RAWHIDEFTBFS)
Target Milestone: ---
Classification: Fedora
lucene failed to build from source in Fedora rawhide/f35
https://koji.fedoraproject.org/koji/taskinfo?taskID=72400674
For details on the mass rebuild see:
https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
Please fix lucene at your earliest convenience and set the bug's status to
ASSIGNED when you start fixing it. If the bug remains in NEW state for 8 weeks,
lucene will be orphaned. Before branching of Fedora 36,
lucene will be retired, if it still fails to build.
For more details on the FTBFS policy, please visit:
https://docs.fedoraproject.org/en-US/fesco/Fails_to_build_from_source_Fails…
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1927309
[Bug 1927309] Fedora 35 FTBFS Tracker