New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix Integer overflow in Poco::UTF32Encoding #58073
Conversation
This is an automated comment for commit 341806d with description of existing statuses. It's updated for the latest CI running ❌ Click here to open a full report in a separate page Successful checks
|
@nickitat, is it possible to update the last release after merge, or create the new patch release? |
Is this a bugfix that needs to be backported? It's tagged as |
In POCO it is a security issue. I couldn't say how it affects ClickHouse, but maybe it's better to update. |
I've tested removing the following functions:
CH still builds and runs. It seems CH doesn't use these functions, so no need to backport. |
I was wrong and the code still might be used. It seems POCO code doesn't go through normal linters and doesn't declare |
Do we need just to change tag for backporting this patch, or we need to prove reachability first? |
Let me start by saying that is my opinion:
Does that make sense to you? |
Let's tag it as bugfix and mark it to be backported. A little bit later I'll try to investigate the reachability. |
Failures:
|
…408c14fe899cdbc8e4eed118fe085 Cherry pick #58073 to 23.3: Fix Integer overflow in Poco::UTF32Encoding
…408c14fe899cdbc8e4eed118fe085 Cherry pick #58073 to 23.8: Fix Integer overflow in Poco::UTF32Encoding
…408c14fe899cdbc8e4eed118fe085 Cherry pick #58073 to 23.9: Fix Integer overflow in Poco::UTF32Encoding
…7408c14fe899cdbc8e4eed118fe085 Cherry pick #58073 to 23.10: Fix Integer overflow in Poco::UTF32Encoding
…7408c14fe899cdbc8e4eed118fe085 Cherry pick #58073 to 23.11: Fix Integer overflow in Poco::UTF32Encoding
Backport #58073 to 23.11: Fix Integer overflow in Poco::UTF32Encoding
Backport #58073 to 23.9: Fix Integer overflow in Poco::UTF32Encoding
Backport #58073 to 23.10: Fix Integer overflow in Poco::UTF32Encoding
Backport #58073 to 23.8: Fix Integer overflow in Poco::UTF32Encoding
Backport #58073 to 23.3: Fix Integer overflow in Poco::UTF32Encoding
Changelog category (leave one):
Changelog entry (a user-readable short description of the changes that goes to CHANGELOG.md):
Patch from this issue.