[ https://issues.apache.org/jira/browse/FTPSERVER-500?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17291574#comment-17291574 ]
Emmanuel Lécharny commented on FTPSERVER-500:
---------------------------------------------

No. The classic answer is 'when it's ready', which means when we have time to take care of the release.

Yesterday, when I tried to build the project, I had some SSL errors, so there is still some work to do to get the project to build...

> Security vulnerability in common/lib/log4j-1.2.17.jar
> -----------------------------------------------------
>
>                 Key: FTPSERVER-500
>                 URL: https://issues.apache.org/jira/browse/FTPSERVER-500
>             Project: FtpServer
>          Issue Type: Bug
>            Reporter: Thomas England
>            Assignee: Jonathan Valliere
>            Priority: Major
>             Fix For: 1.1.2
>
>
> Hi,
> While scanning a docker image containing apache ftp it reported that:
> /apache-ftpserver-1.1.1/common/lib/log4j-1.2.17.jar
> has the following vulnerability ranked as critical
> CVE-2019-17571
> Some further info:
> [https://nsfocusglobal.com/apache-log4j-deserialization-remote-code-execution-cve-2019-17571-vulnerability-threat-alert/]
> Output from the Grype scan
> {code:java}
> NAME                  INSTALLED                FIXED-IN  VULNERABILITY        SEVERITY
> bash                  5.0-6ubuntu1.1                     CVE-2019-18276       Low
> coreutils             8.30-3ubuntu2                      CVE-2016-2781        Low
> gpgv                  2.2.19-3ubuntu2                    CVE-2019-13050       Low
> krb5-locales          1.17-6ubuntu4.1                    CVE-2018-5709        Negligible
> libapparmor1          2.13.3-7ubuntu5.1                  CVE-2016-1585        Medium
> libc-bin              2.31-0ubuntu9.1                    CVE-2016-10228       Negligible
> libc-bin              2.31-0ubuntu9.1                    CVE-2020-6096        Low
> libc-bin              2.31-0ubuntu9.1                    CVE-2020-29562       Low
> libc-bin              2.31-0ubuntu9.1                    CVE-2020-27618       Low
> libc-bin              2.31-0ubuntu9.1                    CVE-2019-25013       Low
> libc6                 2.31-0ubuntu9.1                    CVE-2016-10228       Negligible
> libc6                 2.31-0ubuntu9.1                    CVE-2020-6096        Low
> libc6                 2.31-0ubuntu9.1                    CVE-2020-29562       Low
> libc6                 2.31-0ubuntu9.1                    CVE-2020-27618       Low
> libc6                 2.31-0ubuntu9.1                    CVE-2019-25013       Low
> libcairo-gobject2     1.16.0-4ubuntu1                    CVE-2017-9814        Low
> libcairo-gobject2     1.16.0-4ubuntu1                    CVE-2017-7475        Low
> libcairo-gobject2     1.16.0-4ubuntu1                    CVE-2019-6462        Low
> libcairo-gobject2     1.16.0-4ubuntu1                    CVE-2019-6461        Low
> libcairo-gobject2     1.16.0-4ubuntu1                    CVE-2018-18064       Low
> libcairo2             1.16.0-4ubuntu1                    CVE-2017-9814        Low
> libcairo2             1.16.0-4ubuntu1                    CVE-2017-7475        Low
> libcairo2             1.16.0-4ubuntu1                    CVE-2019-6462        Low
> libcairo2             1.16.0-4ubuntu1                    CVE-2019-6461        Low
> libcairo2             1.16.0-4ubuntu1                    CVE-2018-18064       Low
> libcups2              2.3.1-9ubuntu1.1                   CVE-2019-8842        Low
> libcups2              2.3.1-9ubuntu1.1                   CVE-2020-10001       Low
> libflac8              1.3.3-1build1                      CVE-2020-0499        Low
> libgcrypt20           1.8.5-5ubuntu1                     CVE-2019-12904       Low
> libgif7               5.1.9-1                            CVE-2018-11489       Low
> libglib2.0-0          2.64.6-1~ubuntu20.04.1             CVE-2021-27218       Medium
> libglib2.0-0          2.64.6-1~ubuntu20.04.1             CVE-2021-27219       Medium
> libglib2.0-data       2.64.6-1~ubuntu20.04.1             CVE-2021-27218       Medium
> libglib2.0-data       2.64.6-1~ubuntu20.04.1             CVE-2021-27219       Medium
> libgssapi-krb5-2      1.17-6ubuntu4.1                    CVE-2018-5709        Negligible
> libjbig0              2.1-3.1build1                      CVE-2017-9937        Negligible
> libk5crypto3          1.17-6ubuntu4.1                    CVE-2018-5709        Negligible
> libkrb5-3             1.17-6ubuntu4.1                    CVE-2018-5709        Negligible
> libkrb5support0       1.17-6ubuntu4.1                    CVE-2018-5709        Negligible
> libnss3               2:3.49.1-1ubuntu1.5                CVE-2020-25648       Low
> libpcre3              2:8.39-12build1                    CVE-2017-11164       Negligible
> libpcre3              2:8.39-12build1                    CVE-2020-14155       Negligible
> libpcre3              2:8.39-12build1                    CVE-2019-20838       Low
> libpython3.8          3.8.5-1~20.04.2                    CVE-2021-3177        Medium
> libpython3.8          3.8.5-1~20.04.2                    CVE-2020-27619       Low
> libpython3.8          3.8.5-1~20.04.2                    CVE-2021-23336       Medium
> libpython3.8-minimal  3.8.5-1~20.04.2                    CVE-2021-3177        Medium
> libpython3.8-minimal  3.8.5-1~20.04.2                    CVE-2020-27619       Low
> libpython3.8-minimal  3.8.5-1~20.04.2                    CVE-2021-23336       Medium
> libpython3.8-stdlib   3.8.5-1~20.04.2                    CVE-2021-3177        Medium
> libpython3.8-stdlib   3.8.5-1~20.04.2                    CVE-2020-27619       Low
> libpython3.8-stdlib   3.8.5-1~20.04.2                    CVE-2021-23336       Medium
> libsqlite3-0          3.31.1-4ubuntu0.2                  CVE-2020-9794        Medium
> libsqlite3-0          3.31.1-4ubuntu0.2                  CVE-2020-9991        Low
> libsqlite3-0          3.31.1-4ubuntu0.2                  CVE-2020-9849        Low
> libsystemd0           245.4-4ubuntu3.4                   CVE-2018-20839       Medium
> libtasn1-6            4.16.0-2                           CVE-2018-1000654     Negligible
> libtiff5              4.1.0+git191117-2build1            CVE-2018-10126       Low
> libudev1              245.4-4ubuntu3.4                   CVE-2018-20839       Medium
> libwebp6              0.6.1-2                            CVE-2016-9085        Medium
> libx11-6              2:1.6.9-2ubuntu1.1                 CVE-2020-25697       Low
> libx11-data           2:1.6.9-2ubuntu1.1                 CVE-2020-25697       Low
> libx11-xcb1           2:1.6.9-2ubuntu1.1                 CVE-2020-25697       Low
> libxml2               2.9.10+dfsg-5                      CVE-2020-24977       Low
> log4j                 1.2.17                             GHSA-2qrg-x229-3v8q  Medium
> log4j                 1.2.17                             CVE-2019-17571       Critical
> log4j                 1.2.17                             CVE-2020-9488        Low
> login                 1:4.8.1-1ubuntu5.20.04             CVE-2013-4235        Low
> passwd                1:4.8.1-1ubuntu5.20.04             CVE-2013-4235        Low
> rt                    1.8.0_282                          CVE-2011-0009        Medium
> rt                    1.8.0_282                          CVE-2011-1007        Low
> rt                    1.8.0_282                          CVE-2011-1008        Medium
> rt                    1.8.0_282                          CVE-2011-2085        Medium
> x11-common            1:7.7+19ubuntu14                   CVE-2012-1093        Low
> xdg-user-dirs         0.17-2ubuntu1                      CVE-2017-15131       Low
> {code}