The CVE notice that went out in our board report was correct, CVE-2015-3254. Please disregard CVE-2015-1774, not sure where that came in from.

-Jake

On Wed, Dec 9, 2015 at 5:23 AM, Mark Thomas <[email protected]> wrote:
> Both the Subject and the heading in the body of this message do not
> agree with the CVE referenced in the main text.
>
> A correction needs to be issued.
>
> Mark
>
> On 02/12/2015 02:28, Jake Farrell wrote:
> > CVE-2015-1774
> >
> > A security vulnerability was discovered in the Apache Thrift client
> > libraries, CVE-2015-3254. It was determined that in some cases a remote
> > user could cause unlimited recursion when the skip() function was called
> > within the server.
> > This has been addressed in the Apache Thrift 0.9.3 release and was
> > tracked in THRIFT-3231 [2].
> >
> > Vendor: The Apache Software Foundation
> >
> > Versions Affected: All Apache Thrift versions 0.9.2 and older may be
> > affected
> >
> > Mitigation: Upgrading to the latest 0.9.3 release
> >
> > -Jake Farrell
> >
> > [1]: CVE-2015-3254
> > [2]: https://issues.apache.org/jira/browse/THRIFT-3231
