[jira] [Commented] (TEZ-4469) Upgrade jettison to 1.5.3 to fix CVE-2022-40150

Bilwa S T (Jira) Fri, 17 Feb 2023 01:16:44 -0800


    [ 
https://issues.apache.org/jira/browse/TEZ-4469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17690279#comment-17690279
 ]


Bilwa S T commented on TEZ-4469:
--------------------------------

CVE-2022-40150 is undergoing reanalysis and also in the report it says 1.5.1 is 
not vulnerable to it. So correct CVE for this would be CVE-2022-45685 and 
CVE-2022-45693. 

> Upgrade jettison to 1.5.3 to fix CVE-2022-40150
> -----------------------------------------------
>
>                 Key: TEZ-4469
>                 URL: https://issues.apache.org/jira/browse/TEZ-4469
>             Project: Apache Tez
>          Issue Type: Bug
>            Reporter: Bilwa S T
>            Assignee: Devaspati Krishnatri
>            Priority: Major
>             Fix For: 0.10.3
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>




--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (TEZ-4469) Upgrade jettison to 1.5.3 to fix CVE-2022-40150

Reply via email to