You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@kafka.apache.org by Swathi Mocharla <sw...@gmail.com> on 2022/09/26 08:09:11 UTC

PR for CVE-2022-34917

Hi,
CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-34917
Could you please help with the PR that fixed this vulnerability? We are
looking to apply the patch that fixes this and we are unable to find it.
Thanks,
Swathi

Re: PR for CVE-2022-34917

Posted by Tom Bentley <tb...@redhat.com>.

Hi Swathi,

In this case the PR reviews happened on a private repo because the CVE
wasn't public at that time. On the 3.3 branches you can look at/cherry-pick
commits 015d7aede6cbd350d56d75006930dd2bf89a4a5a and
b2b928338c7226b41a73786df27a2127eaa32ab2.

Kind regards,

Tom

On Mon, 26 Sept 2022 at 15:19, Swathi Mocharla <sw...@gmail.com>
wrote:

> Hi,
> CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-34917
> Could you please help with the PR that fixed this vulnerability? We are
> looking to apply the patch that fixes this and we are unable to find it.
> Thanks,
> Swathi
>

Re: PR for CVE-2022-34917

Posted by Manikumar <ma...@gmail.com>.

https://issues.apache.org/jira/browse/KAFKA-14063?focusedCommentId=17608137&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17608137

On Mon, Sep 26, 2022 at 7:42 PM Swathi Mocharla
<sw...@gmail.com> wrote:
>
> Hi,
> CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-34917
> Could you please help with the PR that fixed this vulnerability? We are
> looking to apply the patch that fixes this and we are unable to find it.
> Thanks,
> Swathi