Both the Subject and the heading in the body of this message do not agree with the CVE referenced in the main text.
A correction needs to be issued. Mark On 02/12/2015 02:28, Jake Farrell wrote: > CVE-2015-1774 > > A security vulnerability was discovered in the Apache Thrift client > libraries, > CVE-2015-3254. It was determined that in some cases a remote user could > cause unlimited recursion when the skip() function was called within the > server. > This has being addressed in the Apache Thrift 0.9.3 release and was > tracked in > THRIFT-3231 [2]. > > Vendor: The Apache Software Foundation > > Versions Affected: All Apache Thrift versions 0.9.2 and older may be > affected > > Mitigation: Upgrading to the latest 0.9.3 release > > > -Jake Farrell > > [1]: CVE-2015-3254 > [2]: https://issues.apache.org/jira/browse/THRIFT-3231