Skip to content

Commit

Permalink
[202012] Fix CVE-2017-1000487 security alert (#11635)
Browse files Browse the repository at this point in the history 
Why I did it
Fix CVE-2017-1000487 alert in thrift 0.14.1.
See https://nvd.nist.gov/vuln/detail/CVE-2017-1000487

How I did it
Change the version of org.codehaus.plexus:plexus-utils from 3.0.14 to 3.0.16.
  • Loading branch information
@xumia
xumia committed Aug 8, 2022
1 parent 14f93e1 commit 1c8c1a6
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions src/thrift_0_13_0/Makefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
patch -p1 < ../patch/0001-Remove-unneeded-packages.patch
patch -p1 < ../patch/0002-Remove-minimist-packages.patch
patch -p1 < ../patch/0003-Remove-underscore-packages.patch
patch -p1 < ../patch/0002-cve-2017-1000487.patch
DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -d -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR)
popd

Expand Down
1 change: 1 addition & 0 deletions src/thrift_0_13_0/patch/0002-cve-2017-1000487.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
../../thrift/patch/0002-cve-2017-1000487.patch

0 comments on commit 1c8c1a6

Please sign in to comment.