This is an automated email from the ASF dual-hosted git repository.

brandonwilliams pushed a commit to branch cassandra-3.0
in repository https://gitbox.apache.org/repos/asf/cassandra.git


The following commit(s) were added to refs/heads/cassandra-3.0 by this push:
     new d99bccd649 Suppress CVE-2023-34455, CVE-2023-34454, CVE-2023-34453
d99bccd649 is described below

commit d99bccd6493ceb7aed4e05b05f81913ea876d855
Author: Brandon Williams <brandonwilli...@apache.org>
AuthorDate: Thu Jun 22 11:55:09 2023 -0500

    Suppress CVE-2023-34455, CVE-2023-34454, CVE-2023-34453
    
    Patch by brandonwilliams; reviewed by bereng for CASSANDRA-18608
---
 .build/dependency-check-suppressions.xml | 7 +++++++
 CHANGES.txt                              | 1 +
 2 files changed, 8 insertions(+)

diff --git a/.build/dependency-check-suppressions.xml 
b/.build/dependency-check-suppressions.xml
index 02dbb8dd92..08bf3f7236 100644
--- a/.build/dependency-check-suppressions.xml
+++ b/.build/dependency-check-suppressions.xml
@@ -20,6 +20,13 @@
   https://jeremylong.github.io/DependencyCheck/general/suppression.html
 -->
 <suppressions 
xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd";>
+    <suppress>
+        <!--  https://issues.apache.org/jira/browse/CASSANDRA-18608 -->
+        <packageUrl 
regex="true">^pkg:maven/org\.xerial\.snappy/snappy\-java@.*$</packageUrl>
+        <cve>CVE-2023-34453</cve>
+        <cve>CVE-2023-34454</cve>
+        <cve>CVE-2023-34455</cve>
+    </suppress>
     <suppress>
         <!--  https://issues.apache.org/jira/browse/CASSANDRA-16150 -->
         <packageUrl 
regex="true">^pkg:maven/org\.yaml/snakeyaml@.*$</packageUrl>
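Review bot: The new `<suppress>` entry for snappy-java matches every version (`@.*$`) and has no expiry, so CVE-2023-34453, CVE-2023-34454 and CVE-2023-34455 stay hidden from the dependency-check report for any snappy-java release this branch ever ships. The only rationale in the file is the JIRA link in the comment, so a reader of the build cannot tell whether the suppression means "not reachable from Cassandra's use of the library" or "upgrade deferred". I would record the reason in a `<notes>` child and bound the entry, for example `<suppress until="YYYY-MM-DDZ">` (placeholder date), so the finding resurfaces for re-evaluation. Alternatively, narrow the `packageUrl` regex to the version actually bundled, so that a later dependency change is re-scanned instead of silently inheriting the suppression.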
diff --git a/CHANGES.txt b/CHANGES.txt
index 6e0853c3a4..43b4cc40fb 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -1,4 +1,5 @@
 3.0.30
+ * Suppress CVE-2023-34455, CVE-2023-34454, CVE-2023-34453 (CASSANDRA-18608)
  * Backport CASSANDRA-10508: Remove hard-coded SSL cipher suites 
(CASSANDRA-18575)
  * Suppress CVE-2023-2976 (CASSANDRA-18562)
  * Remove dh_python use in Debian packaging (CASSANDRA-18558)

