Posted to commits@orc.apache.org by om...@apache.org on 2018/05/18 16:42:01 UTC

orc git commit: Update known issues for older releases and add more details to security page.

Repository: orc
Updated Branches:
  refs/heads/master 5b5c0d5bb -> 2c7bf9ae2


Update known issues for older releases and add more details to security page.

Signed-off-by: Owen O'Malley <om...@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/orc/repo
Commit: http://git-wip-us.apache.org/repos/asf/orc/commit/2c7bf9ae
Tree: http://git-wip-us.apache.org/repos/asf/orc/tree/2c7bf9ae
Diff: http://git-wip-us.apache.org/repos/asf/orc/diff/2c7bf9ae

Branch: refs/heads/master
Commit: 2c7bf9ae25ab5065fdb537f2ae81c118d5099007
Parents: 5b5c0d5
Author: Owen O'Malley <om...@apache.org>
Authored: Fri May 18 09:35:27 2018 -0700
Committer: Owen O'Malley <om...@apache.org>
Committed: Fri May 18 09:41:31 2018 -0700

----------------------------------------------------------------------
 site/_data/releases.yml | 17 +++++++++++++++--
 site/security/index.md  |  5 ++++-
 2 files changed, 19 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/orc/blob/2c7bf9ae/site/_data/releases.yml
----------------------------------------------------------------------
diff --git a/site/_data/releases.yml b/site/_data/releases.yml
index e0a3dd7..594abd7 100644
--- a/site/_data/releases.yml
+++ b/site/_data/releases.yml
@@ -34,7 +34,7 @@
   sha256: 4c32e30a2b93953c287fb6879894bec20c59c79617e5a8a103a76d8dd2a5ee89
   known-issues:
     CVE-2018-8015: ORC files with malformed types cause stack overflow.
-    ORC-40: Predicate push down is not implemented in C++.
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.4.1:
   date: 2017-10-16
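Review bot: the `ORC-40: Predicate push down is not implemented in C++.` entry under known-issues is replaced by the new ORC-285 line instead of being kept next to it, and the commit message gives no reason for dropping it. If ORC-40 no longer applies to this release, say so in the commit message; otherwise keep it and add ORC-285 as an additional line, as the later hunks do for their existing entries. The same replacement appears in the next hunk.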
@@ -44,7 +44,7 @@
   sha256: bf9f107c61ecd6a9f08f439ad6a3870fbabbfeb1b68d9430b1258e5df03a5bb2
   known-issues:
     CVE-2018-8015: ORC files with malformed types cause stack overflow.
-    ORC-40: Predicate push down is not implemented in C++.
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.4.0:
   date: 2017-05-08
@@ -54,6 +54,7 @@
   sha256: 0f96b2096dd053b6e7559472c7eff8061f8e4459f914adf6c81c3d1eb83d3b0f
   known-issues:
     CVE-2018-8015: ORC files with malformed types cause stack overflow.
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.3.4:
   date: 2017-10-16
@@ -63,6 +64,7 @@
   sha256: 55269430aea7b825e9bd67a75d41c808dd649bda962c6a040ef9137ddfe993c0
   known-issues:
     CVE-2018-8015: ORC files with malformed types cause stack overflow.
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.3.3:
   date: 2017-02-21
@@ -72,6 +74,7 @@
   sha256: 48cf9f47ab13f4baeb1770d8f773ae69712ce1c3a1010b2515dfcc22c5b6acf9
   known-issues:
     CVE-2018-8015: ORC files with malformed types cause stack overflow.
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.3.2:
   date: 2017-02-13
@@ -81,6 +84,7 @@
   sha256: 929b70f63e2caf3e1566911c72fac23209319e76631c3cd072117cb195e473a0
   known-issues:
     CVE-2018-8015: ORC files with malformed types cause stack overflow.
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.3.1:
   date: 2017-02-03
@@ -91,6 +95,7 @@
   known-issues:
     CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.3.0:
   date: 2017-01-23
@@ -100,6 +105,7 @@
   sha256: d19a5b5cc1df5797e4595ba76b52a3bc5481fba3ca9fcc437e073b002970aebb
   known-issues:
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.2.3:
   date: 2016-12-12
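Review bot: the known-issues list in this hunk goes straight from `known-issues:` to ORC-135 with no `CVE-2018-8015` entry, while the release entries in the hunks immediately before and after it both list that CVE. Since this commit is updating known issues for older releases, either add `CVE-2018-8015: ORC files with malformed types cause stack overflow.` here or note in the commit message that this release is not affected, so readers of the releases page do not treat it as safe by omission.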
@@ -110,6 +116,7 @@
   known-issues:
     CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.2.2:
   date: 2016-12-01
@@ -120,6 +127,7 @@
   known-issues:
     CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.2.1:
   date: 2016-10-05
@@ -130,6 +138,7 @@
   known-issues:
     CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.2.0:
   date: 2016-08-25
@@ -141,6 +150,7 @@
     CVE-2018-8015: ORC files with malformed types cause stack overflow.
     ORC-101: Bloom filters for string and decimal use inconsistent encoding
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.1.2:
   date: 2016-07-08
@@ -153,6 +163,7 @@
     HIVE-14214: Schema evolution and predicate pushdown don't work together.
     ORC-101: Bloom filters for string and decimal use inconsistent encoding
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.1.1:
   date: 2016-06-13
@@ -165,6 +176,7 @@
     HIVE-14214: Schema evolution and predicate pushdown don't work together.
     ORC-101: Bloom filters for string and decimal use inconsistent encoding
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.1.0:
   date: 2016-06-10
@@ -177,6 +189,7 @@
     HIVE-14214: Schema evolution and predicate pushdown don't work together.
     ORC-101: Bloom filters for string and decimal use inconsistent encoding
     ORC-135: Predicate push down is incorrect on timestamps when moved between timezones
+    ORC-285: Empty vector batches of floats or doubles cause EOFException
 
 1.0.0:
   date: 2016-01-25
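Review bot: the trailing context shows the `1.0.0:` entry starting right after this hunk, and no later hunk touches it, so ORC-285 is recorded for every release down to the one above but not for 1.0.0. If 1.0.0 is also affected, add the ORC-285 line to its known-issues; if it is not, a short note in the commit message would make the cut-off clear.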

http://git-wip-us.apache.org/repos/asf/orc/blob/2c7bf9ae/site/security/index.md
----------------------------------------------------------------------
diff --git a/site/security/index.md b/site/security/index.md
index 69d94ae..497d1fc 100644
--- a/site/security/index.md
+++ b/site/security/index.md
@@ -38,7 +38,10 @@ An overview of the vulnerability handling process is:
 * The reporter sends email to the project privately.
 * The project works privately with the reporter to resolve the vulnerability.
 * The project releases a new version that includes the fix.
-* The vulnerability is publically announced via a [CVE](https://cve.mitre.org/).
+* The vulnerability is publically announced via a [CVE](https://cve.mitre.org/) to the mailing lists and the original reporter.
+
+The full process can be found on the
+[Apache Security Process](https://www.apache.org/security/committers.html#vulnerability-handling) page.
 
 ## Fixed CVEs
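Review bot: the rewritten bullet still carries the misspelling "publically"; since the line is being changed anyway, correct it to "publicly". The new wording "announced via a [CVE] to the mailing lists and the original reporter" also reads as if the CVE itself is sent to the lists; something like "publicly announced via a CVE, and the mailing lists and the original reporter are notified" would be clearer. It would also help to name which mailing lists are meant, since this page is where a reporter looks for what to expect.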