Control port users, take note.
-------- Forwarded Message -------- Subject: [NOTICE]: Apache Thrift Security Vulnerability CVE-2016-5397 Date: Fri, 13 Jan 2017 12:16:04 -0500 From: Jake Farrell <jfarr...@apache.org> Reply-To: u...@thrift.apache.org, jfarr...@apache.org To: u...@thrift.apache.org <u...@thrift.apache.org>, d...@thrift.apache.org <d...@thrift.apache.org> CVE-2016-5397 A security vulnerability was discovered in the Apache Thrift Go client library, CVE-2016-5397. It was determined that the Apache Thrift Go client library exposed the potential during code generation for command injection due to using an external formatting tool. This has been traced and resolved in THRIFT-3893 [2]. Vendor: The Apache Software Foundation Versions Affected: All Apache Thrift versions 0.9.3 and older may be affected Mitigation: Upgrading to the latest Apache Thrift 0.10.0 release Resolution: The issue was resolved by removing the relevant calls to the external formatting tool, gofmt, since it is not required for core Apache Thrift code functionality. -Jake Farrell [1]: CVE-2016-5397 [2]: https://issues.apache.org/jira/browse/THRIFT-3893 _______________________________________________ Discuss-gnuradio mailing list Discuss-gnuradio@gnu.org https://lists.gnu.org/mailman/listinfo/discuss-gnuradio
