hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Steve Scaffidi (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-12875) Verify sem.getInputs() and sem.getOutputs()
Date Mon, 07 Mar 2016 20:36:40 GMT

    [ https://issues.apache.org/jira/browse/HIVE-12875?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15183652#comment-15183652
] 

Steve Scaffidi commented on HIVE-12875:
---------------------------------------

Just adding some info so other people don't have to go through all the effort I did to find
this JIRA. Hopefully it will make it easier to find when you google "CVE-2015-7521"

* The bug this issue fixes was reported as CVE-2015-7521 which I found out about at the following:
** hive-user mailing list: http://mail-archives.apache.org/mod_mbox/hive-user/201601.mbox/%3C20160128205008.2154F185EB@minotaur.apache.org%3E
** bugtraq: http://seclists.org/bugtraq/2016/Jan/157
** redhat cve page: https://access.redhat.com/security/cve/cve-2015-7521
** http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7521
** https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7521 http://seclists.org/bugtraq/2016/Jan/157


* A workaround jar and source are available here: http://apache.org/dist/hive/hive-parent-auth-hook/

* The git commit of this fix is here: https://git-wip-us.apache.org/repos/asf?p=hive.git;a=commit;h=98f933f269e6b528ef84912b3d701ca3272ec04b


> Verify sem.getInputs() and sem.getOutputs()
> -------------------------------------------
>
>                 Key: HIVE-12875
>                 URL: https://issues.apache.org/jira/browse/HIVE-12875
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Sushanth Sowmyan
>            Assignee: Sushanth Sowmyan
>             Fix For: 1.3.0, 2.0.0, 1.0.2, 1.2.2, 1.1.2, 2.1.0
>
>         Attachments: HIVE-12875.patch
>
>
> For every partition entity object present in sem.getInputs() and sem.getOutputs(), we
must verify the appropriate Table in the list of Entities.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message