[
https://issues.apache.org/jira/browse/KUDU-3494?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17745376#comment-17745376
]
ASF subversion and git services commented on KUDU-3494:
-------------------------------------------------------
Commit 68009e8ab4c685ac90309ed010301ca97d961a83 in kudu's branch
refs/heads/master from Alexey Serbin
[ https://gitbox.apache.org/repos/asf?p=kudu.git;h=68009e8ab ]
KUDU-3494 upgrade protobuf up to 3.21.12
This is to address a vulnerability in protobuf 3.19.3 [1][2]
[1] https://nvd.nist.gov/vuln/detail/CVE-2022-3509
[2] https://nvd.nist.gov/vuln/detail/CVE-2022-3510
Change-Id: I4a7c69e3eeae1afbddccb2867ecd40e04807a139
Reviewed-on: http://gerrit.cloudera.org:8080/20233
Tested-by: Kudu Jenkins
Reviewed-by: Yingchun Lai <[email protected]>
> Protobuf CVE CVE-2022-3510
> --------------------------
>
> Key: KUDU-3494
> URL: https://issues.apache.org/jira/browse/KUDU-3494
> Project: Kudu
> Issue Type: Bug
> Affects Versions: 1.16.0
> Reporter: Colm O hEigeartaigh
> Priority: Major
> Fix For: 1.17.0, 1.16.1
>
>
> There is a CVE in protobuf 3.19.3
> [https://github.com/apache/kudu/blob/5659541d15c5490d25ca207c4f63b249986fbfe6/java/gradle/dependencies.gradle#L54]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-3509]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-3510]
> Please update to 3.19.6.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
