List:       oss-security
Subject:    Re: [oss-security] CVE-2023-40272: Apache Airflow Spark Provider Arbitrary File Read via JDBC
From:       Seth Arnold <seth.arnold () canonical ! com>
Date:       2023-08-18 0:20:43
Message-ID: 20230818002043.GA2155861 () millbarge


On Thu, Aug 17, 2023 at 01:07:16PM +0000, Elad Kalif wrote:
> https://airflow.apache.org/
> https://www.cve.org/CVERecord?id=CVE-2023-40272

Hello Elad, thanks for contacting the oss-security mail list about this
security issue in an Apache project.

I'd like to suggest that your email would be far more useful if it
included details like a direct link to a patch in a source control
system or attached the patch directly.

It is also helpful to know when a flaw was introduced, if this information
is already known.

This particular email has very few details and no references for a fix so
it is very difficult for anyone to take concrete actions.

Here are two recent postings that are far easier for downstream distributors
and consumers alike to use:
https://www.openwall.com/lists/oss-security/2023/04/04/1
https://www.openwall.com/lists/oss-security/2023/03/21/3

I'd like to encourage Apache to use these as inspiration for future
oss-security postings.

Thanks
