[jira] [Commented] (PARQUET-2338) CVE-2022-25168 in hadoop-common

Steve Loughran (Jira) Mon, 21 Aug 2023 06:21:05 -0700


    [ 
https://issues.apache.org/jira/browse/PARQUET-2338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17756912#comment-17756912
 ]


Steve Loughran commented on PARQUET-2338:
-----------------------------------------

pr #1065 did this in 53ea34ac7eb98432a72e3c37cd48e4f02baf65ea ; anything wrong 
with that commit? or is just not the right branch?

> CVE-2022-25168 in hadoop-common
> -------------------------------
>
>                 Key: PARQUET-2338
>                 URL: https://issues.apache.org/jira/browse/PARQUET-2338
>             Project: Parquet
>          Issue Type: Bug
>          Components: parquet-hadoop
>    Affects Versions: 1.13.1
>            Reporter: jincongho
>            Priority: Major
>
> [CVE-2022-25168|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25168]
>  requires updating hadoop-common to 3.2.4 or 3.3.3.
> Although `FileUtils.untar` isnt used inparquet-hadoop, will appreciate if we 
> can release a new parquet-hadoop soon with these newer version. Otherwise 
> parquet-hadoop will be flagged as security concern too.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (PARQUET-2338) CVE-2022-25168 in hadoop-common

Reply via email to