Bug 1017459

Summary: resteasy-base contains known vulnerable components
Product: Red Hat Enterprise Linux 7
Component: resteasy-base
Version: 7.0
Status: CLOSED CURRENTRELEASE
Severity: unspecified
Priority: unspecified
Hardware: Unspecified
OS: Unspecified
Reporter: Grant Murphy <gmurphy>
Assignee: Ade Lee <alee>
QA Contact: Asha Akkiangady <aakkiang>
CC: jgalipea, mjc, nkinder
Target Milestone: rc
Keywords: Rebase
Doc Type: Rebase: Bug Fixes and Enhancements
Type: Bug
Last Closed: 2014-06-13 11:21:14 UTC
Bug Blocks: 1017017

Description Grant Murphy 2013-10-09 23:44:02 UTC
The victims project maintains a database of known vulnerable components. A victims scan on resteasy-base components shows that resteasy-base-jettison-provider.jar is a known vulnerable artifact as reported in CVE-2013-0818. The details of this CVE can be found in bug #785631.

Recommend upgrading resteasy-base to 2.3.3 or later.

Comment 2 Ade Lee 2013-10-25 02:21:40 UTC
Rebased to 2.3.5-1

Changes committed to git:
http://brewweb.devel.redhat.com/brew/taskinfo?taskID=6465953

commit 1807c95fa96786492c2d5685671ed9ba8a4c8d9e
Author: Ade Lee <alee>
Date:   Thu Oct 24 21:49:49 2013 -0400

    Resolves: rhbz#1017459

Comment 4 Jenny Severance 2014-01-29 21:59:34 UTC
# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.0 Beta (Maipo)

# rpm -q resteasy-base
resteasy-base-2.3.5-2.el7.noarch

Comment 5 Ludek Smid 2014-06-13 11:21:14 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.
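
The verification in Comment 4 can be scripted. The following is an added example, not part of the original bug report or of any Red Hat tooling: it classifies a line of `rpm -q resteasy-base` output against the 2.3.3 minimum recommended in the description. The function names and status labels are hypothetical, and it assumes plain dotted numeric versions and a `sort` that supports `-V`.

```shell
#!/bin/sh
# Added example: check `rpm -q resteasy-base` output against the minimum
# version recommended in this bug. Function names are hypothetical.

MIN_VERSION="2.3.3"   # "2.3.3 or later", from the bug description

# Extract the upstream version from a name-version-release.arch string.
# Returns 1 if the line is not a resteasy-base NVRA, for example rpm's
# "package resteasy-base is not installed" message.
nvra_version() {
    case "$1" in
        resteasy-base-[0-9]*) ;;
        *) return 1 ;;
    esac
    rest=${1#resteasy-base-}      # e.g. 2.3.5-2.el7.noarch
    printf '%s\n' "${rest%%-*}"   # e.g. 2.3.5
}

# Return 0 if version $1 >= version $2.
# Assumption: simple dotted versions, so `sort -V` ordering is adequate
# (this is not a full rpm epoch/version/release comparison).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Classify one line of `rpm -q resteasy-base` output.
check_resteasy() {
    ver=$(nvra_version "$1") || { echo "unrecognized"; return 0; }
    if version_ge "$ver" "$MIN_VERSION"; then
        echo "ok $ver"
    else
        echo "below-minimum $ver"
    fi
}

# Constructed sample inputs; only the first is the value shown in Comment 4.
for line in "resteasy-base-2.3.5-2.el7.noarch" \
            "resteasy-base-2.3.2-1.el7.noarch" \
            "package resteasy-base is not installed"; do
    printf '%s -> %s\n' "$line" "$(check_resteasy "$line")"
done
```

On a live host the input would come from `check_resteasy "$(rpm -q resteasy-base)"`.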