[
https://issues.apache.org/jira/browse/HIVE-12875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15183652#comment-15183652
]
Steve Scaffidi commented on HIVE-12875:
---------------------------------------
Just adding some info so other people don't have to go through all the effort I
did to find this JIRA. Hopefully it will make it easier to find when you google
"CVE-2015-7521"
* The bug this issue fixes was reported as CVE-2015-7521 which I found out
about at the following:
** hive-user mailing list:
http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3c20160128205008.2154f18...@minotaur.apache.org%3E
** bugtraq: http://seclists.org/bugtraq/2016/Jan/157
** redhat cve page: https://access.redhat.com/security/cve/cve-2015-7521
** http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521
** https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7521
http://seclists.org/bugtraq/2016/Jan/157
* A workaround jar and source are available here:
http://apache.org/dist/hive/hive-parent-auth-hook/
* The git commit of this fix is here:
https://git-wip-us.apache.org/repos/asf?p=hive.git;a=commit;h=98f933f269e6b528ef84912b3d701ca3272ec04b
> Verify sem.getInputs() and sem.getOutputs()
> -------------------------------------------
>
> Key: HIVE-12875
> URL: https://issues.apache.org/jira/browse/HIVE-12875
> Project: Hive
> Issue Type: Bug
> Reporter: Sushanth Sowmyan
> Assignee: Sushanth Sowmyan
> Fix For: 1.3.0, 2.0.0, 1.0.2, 1.2.2, 1.1.2, 2.1.0
>
> Attachments: HIVE-12875.patch
>
>
> For every partition entity object present in sem.getInputs() and
> sem.getOutputs(), we must verify the appropriate Table in the list of
> Entities.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
