Thank you Rob

On Wed, Dec 16, 2015 at 3:50 PM, Rob Godfrey <rob.j.godf...@gmail.com> wrote:
> No - the code-bases for Java and C++ are completely distinct, so it
> normally makes no sense to talk about whether a CVE affects both products.
> Each product should be tested separately for security issues. Looking at
> the details of the particular CVE you referenced, the Java code does not
> use asserts, and invalid protocol sequences will generate exceptions which
> will cause the Connection to be closed, but will not bring down the broker.
>
> -- Rob
>
> On 16 December 2015 at 23:40, rammohan ganapavarapu <rammohanga...@gmail.com> wrote:
>
> > Rob,
> >
> > Thank you for the quick reply, do we have any doc which says the Java broker is
> > unaffected, just in case anyone asks for any documents related to it?
> >
> > Ram
> >
> > On Wed, Dec 16, 2015 at 3:31 PM, Rob Godfrey <rob.j.godf...@gmail.com> wrote:
> >
> > > As per my previous mail - no, that CVE is specific to the C++ broker.
> > > The Java Broker is unaffected.
> > >
> > > -- Rob
> > >
> > > On 16 December 2015 at 23:29, rammohan ganapavarapu <rammohanga...@gmail.com> wrote:
> > >
> > > > Hi,
> > > >
> > > > Does CVE-2015-0203 (https://bugzilla.redhat.com/show_bug.cgi?id=1181721)
> > > > affect 0.28 Java broker?
> > > >
> > > > Thanks,
> > > > Ram