[ovirt-users] Re: CVE-2024-1597

2024-02-21 Thread Jean-Louis Dupond via Users

The fix got merged into the 42.2.x branch:
https://github.com/pgjdbc/pgjdbc/commits/release/42.2/

So guess we just need to bump the dep in the pom.
But as far as I see the code doesn't use the PreferQueryMode flag, so 
we're safe.


Jean-Louis

On 21/02/2024 09:30, Fabrice Bacchella via Users wrote:
I think there is a typo in the announcement. 42.2.8 is 4 years old, 
42.2.28 was issued this night. That’s suspicious.


On 21 Feb 2024 at 09:24, Sandro Bonazzola wrote:


I'm not an expert on this topic, but according to the engine's pom we are 
using 42.2.27 which doesn't seem to be in the list of the affected 
versions on https://github.com/advisories/GHSA-xfg6-62px-cxc2


On Wed, 21 Feb 2024 at 09:09, Fabrice Bacchella via Users wrote:


Is oVirt exposed to CVE-2024-1597?

To be exposed, the jdbc driver needs to be used with
PreferQueryMode=SIMPLE. Is that the situation?
___
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct:
https://www.ovirt.org/community/about/community-guidelines/
List Archives:

https://lists.ovirt.org/archives/list/users@ovirt.org/message/MORV4QFHRUUKWEWTXSLUWKADCF7YTYW6/



--
Sandro Bonazzola
MANAGER, SOFTWARE ENGINEERING
Red Hat In-Vehicle Operating System

Red Hat EMEA 

 

Red Hat respects your work life balance. Therefore there is no need 
to answer this email out of your office hours.





[ovirt-users] Re: CVE-2024-1597

2024-02-21 Thread Fabrice Bacchella via Users
I think there is a typo in the announcement. 42.2.8 is 4 years old, 42.2.28 was 
issued this night. That’s suspicious.

> On 21 Feb 2024 at 09:24, Sandro Bonazzola wrote:
> 
> I'm not an expert on this topic, but according to the engine's pom we are using 
> 42.2.27 which doesn't seem to be in the list of the affected versions on 
> https://github.com/advisories/GHSA-xfg6-62px-cxc2
> 
> On Wed, 21 Feb 2024 at 09:09, Fabrice Bacchella via Users 
> <users@ovirt.org> wrote:
>> Is oVirt exposed to CVE-2024-1597?
>> 
>> To be exposed, the jdbc driver needs to be used with PreferQueryMode=SIMPLE. 
>> Is that the situation?
> 
> 
> --
> Sandro Bonazzola
> MANAGER, SOFTWARE ENGINEERING
> Red Hat In-Vehicle Operating System
> Red Hat EMEA 
>  
> Red Hat respects your work life balance. Therefore there is no need to answer 
> this email out of your office hours.
> 
> 



[ovirt-users] Re: CVE-2024-1597

2024-02-21 Thread Sandro Bonazzola
I'm not an expert on this topic, but according to the engine's pom we are using
42.2.27 which doesn't seem to be in the list of the affected versions on
https://github.com/advisories/GHSA-xfg6-62px-cxc2

On Wed, 21 Feb 2024 at 09:09, Fabrice Bacchella via Users <
users@ovirt.org> wrote:

> Is oVirt exposed to CVE-2024-1597?
>
> To be exposed, the jdbc driver needs to be used with
> PreferQueryMode=SIMPLE. Is that the situation?
>


-- 

Sandro Bonazzola

MANAGER, SOFTWARE ENGINEERING

Red Hat In-Vehicle Operating System

Red Hat EMEA 


*Red Hat respects your work life balance. Therefore there is no need to
answer this email out of your office hours.*
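
Added example, not part of the original thread and not oVirt code: the two checks the thread discusses (the pgjdbc version declared in the pom, and whether preferQueryMode is set to simple anywhere) combined into one Python audit. The sample pom, the property name postgres.jdbc.version, the config lines and the use of 42.2.28 as the fixed 42.2.x release are assumptions for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Assumption taken from the thread: 42.2.28 is the fixed release on the 42.2.x branch.
FIXED = {(42, 2): (42, 2, 28)}

# Constructed sample inputs (not oVirt's real pom.xml or configuration).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><postgres.jdbc.version>42.2.27</postgres.jdbc.version></properties>
  <dependencies><dependency>
    <groupId>org.postgresql</groupId>
    <artifactId>postgresql</artifactId>
    <version>${postgres.jdbc.version}</version>
  </dependency></dependencies>
</project>"""
SAMPLE_CONFIG = ["ENGINE_DB_URL=jdbc:postgresql://localhost:5432/engine?sslmode=require"]
SAMPLE_RISKY = SAMPLE_CONFIG + ['props.setProperty("preferQueryMode", "simple");']

def _local(tag):
    """Strip the Maven XML namespace from an element tag."""
    return tag.rsplit("}", 1)[-1]

def pgjdbc_version(pom_text):
    """Return the declared org.postgresql:postgresql version, resolving ${property}."""
    root = ET.fromstring(pom_text)
    props = {_local(p.tag): (p.text or "").strip()
             for el in root.iter() if _local(el.tag) == "properties" for p in el}
    for dep in (e for e in root.iter() if _local(e.tag) == "dependency"):
        f = {_local(c.tag): (c.text or "").strip() for c in dep}
        if (f.get("groupId"), f.get("artifactId")) == ("org.postgresql", "postgresql"):
            ref = re.fullmatch(r"\$\{(.+)\}", f.get("version", ""))
            return props.get(ref.group(1)) if ref else f.get("version")
    return None

def simple_mode_hits(lines):
    """Lines that set preferQueryMode to simple (URL, properties file or Java call).
    Matched case-insensitively so that odd spellings are still surfaced for review."""
    return [l for l in lines if re.search(r"preferQueryMode\W{1,6}simple\b", l, re.I)]

def assess(pom_text, lines):
    """Combine both checks; branches without a recorded fixed version stay unknown."""
    ver = pgjdbc_version(pom_text)
    nums = tuple(int(n) for n in re.findall(r"\d+", ver or "")[:3])
    fixed = FIXED.get(nums[:2])
    if fixed is None:
        return "unknown: no fixed version recorded for this branch"
    if nums >= fixed:
        return "patched"
    return "exposed" if simple_mode_hits(lines) else "unpatched driver, simple mode not set"
```

Only the 42.2.x branch is judged because that is the only fixed release the thread mentions; fixed versions for other branches would have to be added to FIXED from the advisory.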