Posted to commits@pulsar.apache.org by ni...@apache.org on 2022/05/24 08:12:58 UTC

[pulsar] branch branch-2.10 updated: [owasp] add suppression for Kotlin stdlib CVE-2022-24329 - part 2 (#14715)

This is an automated email from the ASF dual-hosted git repository.

nicoloboschi pushed a commit to branch branch-2.10
in repository https://gitbox.apache.org/repos/asf/pulsar.git


The following commit(s) were added to refs/heads/branch-2.10 by this push:
     new 2939bb788f2 [owasp] add suppression for Kotlin stdlib CVE-2022-24329 - part 2 (#14715)
2939bb788f2 is described below

commit 2939bb788f2d3f3618232a6991a7da8167ee17d1
Author: Nicolò Boschi <bo...@gmail.com>
AuthorDate: Thu Mar 17 04:23:56 2022 +0100

    [owasp] add suppression for Kotlin stdlib CVE-2022-24329 - part 2 (#14715)
    
    (cherry picked from commit 828d057a0d75fe250e07a98d546843e988b1a34e)
---
 src/owasp-dependency-check-suppressions.xml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/src/owasp-dependency-check-suppressions.xml b/src/owasp-dependency-check-suppressions.xml
index 34266915431..2c729026c27 100644
--- a/src/owasp-dependency-check-suppressions.xml
+++ b/src/owasp-dependency-check-suppressions.xml
@@ -42,6 +42,28 @@
         <vulnerabilityName regex="true">.*</vulnerabilityName>
     </suppress>
 
+    <!-- see https://github.com/apache/pulsar/pull/14629-->
+    <suppress>
+        <notes><![CDATA[
+   file name: kotlin-stdlib-common-1.4.32.jar
+   ]]></notes>
+        <sha1>ef50bfa2c0491a11dcc35d9822edbfd6170e1ea2</sha1>
+        <cpe>cpe:/a:jetbrains:kotlin</cpe>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: kotlin-stdlib-jdk7-1.4.32.jar
+   ]]></notes>
+        <sha1>3546900a3ebff0c43f31190baf87a9220e37b7ea</sha1>
+        <cve>CVE-2022-24329</cve>
+    </suppress>
+    <suppress>
+        <notes><![CDATA[
+   file name: kotlin-stdlib-jdk8-1.4.32.jar
+   ]]></notes>
+        <sha1>3302f9ec8a5c1ed220781dbd37770072549bd333</sha1>
+        <cve>CVE-2022-24329</cve>
+    </suppress>
     <suppress>
         <notes><![CDATA[
    file name: kotlin-stdlib-1.4.32.jar
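Review bot: The first added entry (kotlin-stdlib-common-1.4.32.jar) suppresses by `<cpe>cpe:/a:jetbrains:kotlin</cpe>`, which drops the CPE match for that jar and with it every vulnerability reported through that CPE, present or future, whereas the two entries after it are limited to `<cve>CVE-2022-24329</cve>`. If only that CVE is meant to be accepted, as the commit title suggests, the first entry should use `<cve>CVE-2022-24329</cve>` as well. The `<notes>` record only the file name, so a sentence stating why the finding is not applicable or is accepted would let a later auditor judge the entry without opening the linked pull request. An `until` attribute on each `<suppress>` would also make these entries expire and force a re-review instead of living on silently. The last `<suppress>` in the hunk is unchanged context whose body continues outside the hunk.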