From dev-return-57534-archive-asf-public=cust-asf.ponee.io@thrift.apache.org  Fri Jan 24 22:50:02 2020
Return-Path: <dev-return-57534-archive-asf-public=cust-asf.ponee.io@thrift.apache.org>
X-Original-To: archive-asf-public@cust-asf.ponee.io
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [207.244.88.153])
	by mx-eu-01.ponee.io (Postfix) with SMTP id 2583618064E
	for <archive-asf-public@cust-asf.ponee.io>; Fri, 24 Jan 2020 23:50:02 +0100 (CET)
Received: (qmail 69486 invoked by uid 500); 24 Jan 2020 22:50:01 -0000
Mailing-List: contact dev-help@thrift.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@thrift.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@thrift.apache.org>
List-Post: <mailto:dev@thrift.apache.org>
List-Id: <dev.thrift.apache.org>
Reply-To: dev@thrift.apache.org
Delivered-To: mailing list dev@thrift.apache.org
Received: (qmail 69472 invoked by uid 99); 24 Jan 2020 22:50:01 -0000
Received: from mailrelay1-us-west.apache.org (HELO mailrelay1-us-west.apache.org) (209.188.14.139)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Jan 2020 22:50:01 +0000
Received: from jira-he-de.apache.org (static.172.67.40.188.clients.your-server.de [188.40.67.172])
	by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 858E0E0175
	for <dev@thrift.apache.org>; Fri, 24 Jan 2020 22:50:00 +0000 (UTC)
Received: from jira-he-de.apache.org (localhost.localdomain [127.0.0.1])
	by jira-he-de.apache.org (ASF Mail Server at jira-he-de.apache.org) with ESMTP id 044887803B7
	for <dev@thrift.apache.org>; Fri, 24 Jan 2020 22:50:00 +0000 (UTC)
Date: Fri, 24 Jan 2020 22:50:00 +0000 (UTC)
From: "Laurent Goujon (Jira)" <jira@apache.org>
To: dev@thrift.apache.org
Message-ID: <JIRA.13281501.1579906151000.46947.1579906200014@Atlassian.JIRA>
In-Reply-To: <JIRA.13281501.1579906151000@Atlassian.JIRA>
References: <JIRA.13281501.1579906151000@Atlassian.JIRA> <JIRA.13281501.1579906151379@jira-he-de>
Subject: [jira] [Created] (THRIFT-5075) Backport fixes for CVE-2019-0205 to
 (Java) 0.9.3-1 version
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

Laurent Goujon created THRIFT-5075:
--------------------------------------

             Summary: Backport fixes for CVE-2019-0205 to (Java) 0.9.3-1 version
                 Key: THRIFT-5075
                 URL: https://issues.apache.org/jira/browse/THRIFT-5075
             Project: Thrift
          Issue Type: Bug
            Reporter: Laurent Goujon


Similar to THRIFT-4506, would it be possible to backport fixes for CVE-2019-0205 to 0.9.x branch. There are still several projects still relying on 0.9.3-1, and the vulnerability seems to impact them as well.

I believe the fix for Java was part of THRIFT-4024



--
This message was sent by Atlassian Jira
(v8.3.4#803005)