List: oss-security
Subject: Re: [oss-security] CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC
From: Seth Arnold <seth.arnold () canonical ! com>
Date: 2023-08-18 0:20:43
Message-ID: 20230818002043.GA2155861 () millbarge
On Thu, Aug 17, 2023 at 01:07:16PM +0000, Elad Kalif wrote:
> https://airflow.apache.org/
> https://www.cve.org/CVERecord?id=CVE-2023-40272
Hello Elad, thanks for contacting the oss-security mail list about this
security issue in an Apache project.
I'd like to suggest that your email would be far more useful if it
included details like a direct link to a patch in a source control
system or attached the patch directly.
It is also helpful to know when a flaw was introduced, if this information
is already known.
This particular email has very few details and no references for a fix so
it is very difficult for anyone to take concrete actions.
Here are two recent postings that are far easier for downstream distributors
and consumers alike to use:
https://www.openwall.com/lists/oss-security/2023/04/04/1
https://www.openwall.com/lists/oss-security/2023/03/21/3
I'd like to encourage Apache to use these as inspiration for future
oss-security postings.
Thanks