Uploaded image for project: 'Bigtop'
  1. Bigtop
  2. BIGTOP-3671

Add a patch for CVE-2021-22569 to bigtop_toolchain

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 3.1.0
    • toolchain
    • None

    Description

      PR#9371 of protobuf is the fix for vulnerability of protobuf-java. apurtell provided us a backported patch for protobuf-2.5.0. Users can locally install patched protobuf-java from the source code set up by bigtop_toolchain (under /usr/src/protobuf-2.5.0/java) for their own build.

      Using patched protobuf-java for packaging is out of the scope of this issue. We are using only protoc and protobuf-java is pulled from public Maven repos now. It may be addressed in follow-up JIRAs.

      Attachments

        Issue Links

          links to

          Web Link GitHub pull request #888

          Activity

            People

              iwasakims Masatake Iwasaki
              iwasakims Masatake Iwasaki
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 40m
                  40m