[jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version

Laurent Goujon (Jira) Fri, 24 Jan 2020 14:56:24 -0800


    [ 
https://issues.apache.org/jira/browse/THRIFT-5075?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17023319#comment-17023319
 ]


Laurent Goujon commented on THRIFT-5075:
----------------------------------------

I've been trying to do the backport myself (the biggest challenge being 
recreating a build environment). Here's my proposed patch: 
https://github.com/apache/thrift/pull/1993

> Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version
> ----------------------------------------------------------
>
>                 Key: THRIFT-5075
>                 URL: https://issues.apache.org/jira/browse/THRIFT-5075
>             Project: Thrift
>          Issue Type: Bug
>            Reporter: Laurent Goujon
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Similar to THRIFT-4506, would it be possible to backport fixes for 
> CVE-2019-0205 to 0.9.x branch. There are still several projects still relying 
> on 0.9.3-1, and the vulnerability seems to impact them as well.
> I believe the fix for Java was part of THRIFT-4024



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (THRIFT-5075) Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version

Reply via email to