Fedora Linux 8733 Published by

An eclipse-m2e-core security update has been released for Fedora 32.



SECURITY: Fedora 32 Update: eclipse-m2e-core-1.16.1-1.fc32


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-cf8ef2f333
2020-08-31 15:48:37.485399
--------------------------------------------------------------------------------

Name : eclipse-m2e-core
Product : Fedora 32
Version : 1.16.1
Release : 1.fc32
URL :   https://eclipse.org/m2e/
Summary : Maven integration for Eclipse
Description :
The goal of the m2ec project is to provide a first-class Apache Maven support
in the Eclipse IDE, making it easier to edit Maven's pom.xml, run a build from
the IDE and much more. For Java developers, the very tight integration with JDT
greatly simplifies the consumption of Java artifacts either being hosted on open
source repositories such as Maven Central, or in your in-house Maven repository.

m2e is also a platform that let others provide better integration with
additional Maven plugins (e.g. Android, web development, etc.), and facilitates
the distribution of those extensions through the m2e marketplace.

--------------------------------------------------------------------------------
Update Information:

Updates to the latest upstream release of Eclipse. See the upstream release
notes for details:   https://www.eclipse.org/eclipseide/2020-06/noteworthy/ Also
contains security fixes for CVE-2019-17566 and CVE-2019-17638.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug 14 2020 Mat Booth - 1.16.1-1
- Update to latest upstream release
* Thu Aug 6 2020 Mat Booth - 1.16.0-7
- Fix broken requires
* Mon Jul 27 2020 Fedora Release Engineering - 1.16.0-6
- Rebuilt for   https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Thu Jul 16 2020 Mat Booth - 1.16.0-5
- Remove explicit BR on javax.annotation-api, since Eclipse platform will pull
in either the javax or jakarta version as required
* Mon Jul 13 2020 Jiri Vanek - 1.16.0-4
- Rebuilt for JDK-11, see   https://fedoraproject.org/wiki/Changes/Java11
* Mon Jul 13 2020 Mat Booth - 1.16.0-3
- Patch out dep on aether and obsolete javadoc package
* Fri Jul 10 2020 Jiri Vanek - 1.16.0-2
- Rebuilt for JDK-11, see   https://fedoraproject.org/wiki/Changes/Java11
* Thu Jun 25 2020 Mat Booth - 1.16.0-1
- Update to latest upstream release
* Wed Apr 1 2020 Mat Booth - 1.15.0-3
- Add patch to fix NoClassDefFoundErrors
* Wed Mar 25 2020 Mat Booth - 1.15.0-2
- Improve archetype patch
* Sun Mar 22 2020 Mat Booth - 1.15.0-1
- Update to latest upstream release
* Tue Jan 7 2020 Mat Booth - 1.14.0-2
- Correctly obsolete tests
* Fri Dec 20 2019 Mat Booth - 1.14.0-1
- Update to latest upstream release
- Don't build and ship tests
* Thu Aug 1 2019 Mat Booth - 1.11.0-8
- Rebuild against new maven-archetype and regenerate runtime requires
* Tue Jul 2 2019 Mat Booth - 1.11.0-7
- Re-generate OSGi BRs
* Mon Jul 1 2019 Mat Booth - 1.11.0-6
- Drop hard requirement on xbean, not really needed by maven
* Fri Jun 21 2019 Mat Booth - 1.11.0-5
- Backport fix to correct 'Failed to evaluate: ReferenceExpression' errors in
log
* Tue Jun 18 2019 Mat Booth - 1.11.0-4
- Rebuild against maven-indexer 6.0
* Wed Jun 12 2019 Mat Booth - 1.11.0-3
- Add obsoletes for eclipse-m2e-sourcelookup
* Wed Jun 12 2019 Mat Booth - 1.11.0-2
- Fix build against modularised maven-resolver
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1848617 - CVE-2019-17566 batik: SSRF via "xlink:href"
  https://bugzilla.redhat.com/show_bug.cgi?id=1848617
[ 2 ] Bug #1864680 - CVE-2019-17638 jetty: double release of resource can lead to information disclosure
  https://bugzilla.redhat.com/show_bug.cgi?id=1864680
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-cf8ef2f333' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys