drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in eclipse-m2e-core
Name: |
Zwei Probleme in eclipse-m2e-core |
|
ID: |
FEDORA-2020-cf8ef2f333 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 32 |
|
Datum: |
Mo, 31. August 2020, 23:47 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17638
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17566 |
|
Applikationen: |
eclipse-m2e-core |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2020-cf8ef2f333 2020-08-31 15:48:37.485399 ------------------------------------------------------------------------------- -
Name : eclipse-m2e-core Product : Fedora 32 Version : 1.16.1 Release : 1.fc32 URL : https://eclipse.org/m2e/ Summary : Maven integration for Eclipse Description : The goal of the m2ec project is to provide a first-class Apache Maven support in the Eclipse IDE, making it easier to edit Maven's pom.xml, run a build from the IDE and much more. For Java developers, the very tight integration with JDT greatly simplifies the consumption of Java artifacts either being hosted on open source repositories such as Maven Central, or in your in-house Maven repository.
m2e is also a platform that let others provide better integration with additional Maven plugins (e.g. Android, web development, etc.), and facilitates the distribution of those extensions through the m2e marketplace.
------------------------------------------------------------------------------- - Update Information:
Updates to the latest upstream release of Eclipse. See the upstream release notes for details: https://www.eclipse.org/eclipseide/2020-06/noteworthy/ Also contains security fixes for CVE-2019-17566 and CVE-2019-17638. ------------------------------------------------------------------------------- - ChangeLog:
* Fri Aug 14 2020 Mat Booth <mat.booth@redhat.com> - 1.16.1-1 - Update to latest upstream release * Thu Aug 6 2020 Mat Booth <mat.booth@redhat.com> - 1.16.0-7 - Fix broken requires * Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 1.16.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild * Thu Jul 16 2020 Mat Booth <mat.booth@redhat.com> - 1.16.0-5 - Remove explicit BR on javax.annotation-api, since Eclipse platform will pull in either the javax or jakarta version as required * Mon Jul 13 2020 Jiri Vanek <jvanek@redhat.com> - 1.16.0-4 - Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 * Mon Jul 13 2020 Mat Booth <mat.booth@redhat.com> - 1.16.0-3 - Patch out dep on aether and obsolete javadoc package * Fri Jul 10 2020 Jiri Vanek <jvanek@redhat.com> - 1.16.0-2 - Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 * Thu Jun 25 2020 Mat Booth <mat.booth@redhat.com> - 1.16.0-1 - Update to latest upstream release * Wed Apr 1 2020 Mat Booth <mat.booth@redhat.com> - 1.15.0-3 - Add patch to fix NoClassDefFoundErrors * Wed Mar 25 2020 Mat Booth <mat.booth@redhat.com> - 1.15.0-2 - Improve archetype patch * Sun Mar 22 2020 Mat Booth <mat.booth@redhat.com> - 1.15.0-1 - Update to latest upstream release * Tue Jan 7 2020 Mat Booth <mat.booth@redhat.com> - 1.14.0-2 - Correctly obsolete tests * Fri Dec 20 2019 Mat Booth <mat.booth@redhat.com> - 1.14.0-1 - Update to latest upstream release - Don't build and ship tests * Thu Aug 1 2019 Mat Booth <mat.booth@redhat.com> - 1.11.0-8 - Rebuild against new maven-archetype and regenerate runtime requires * Tue Jul 2 2019 Mat Booth <mat.booth@redhat.com> - 1.11.0-7 - Re-generate OSGi BRs * Mon Jul 1 2019 Mat Booth <mat.booth@redhat.com> - 1.11.0-6 - Drop hard requirement on xbean, not really needed by maven * Fri Jun 21 2019 Mat Booth <mat.booth@redhat.com> - 1.11.0-5 - Backport fix to correct 'Failed to evaluate: ReferenceExpression' errors in log * Tue Jun 18 2019 Mat Booth <mat.booth@redhat.com> - 1.11.0-4 - Rebuild against maven-indexer 6.0 * Wed Jun 12 2019 Mat Booth <mat.booth@redhat.com> - 1.11.0-3 - Add obsoletes for eclipse-m2e-sourcelookup * Wed Jun 12 2019 Mat Booth <mat.booth@redhat.com> - 1.11.0-2 - Fix build against modularised maven-resolver ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1848617 - CVE-2019-17566 batik: SSRF via "xlink:href" https://bugzilla.redhat.com/show_bug.cgi?id=1848617 [ 2 ] Bug #1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1864680 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-cf8ef2f333' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
|
|
|
|