apo_1 Posted October 31, 2017 Share Posted October 31, 2017 I am looking for more information about three recently published security vulnerabilities namely CVE-2017-14941, CVE-2017-5528, CVE-2017-5529. I would like to know in which version they were fixed and if a patch exists that could be applied to earlier version. So far I haven't found any details about the aforementioned CVE that would allow us to fix the issue. I am grateful for any hints. Thanks in advance Link to comment Share on other sites More sharing options...
elizam Posted November 1, 2017 Share Posted November 1, 2017 All I can tell you is to look at the Tibco security advisory page: https://www.tibco.com/services/support/advisoriesIf you have a commercial license with support, contact support. Otherwise, if you go to the page for a specific vulnerability, you will see a link to a FAQ, and in that FAQ, there is a link to a form that you can fill out. Link to comment Share on other sites More sharing options...
apo_1 Posted November 1, 2017 Author Share Posted November 1, 2017 Thanks for your reply. We do not have a commercial license because we ship jasperreports in Debian GNU/Linux based on its free software license. I have read the advisories but they only recommend to upgrade to the latest version. What I am looking for is a patch or the exact commit that fixed the issue, so that we can backport the fix to earlier versions. Upgrading to the latest version is the least preferred option because it might break reverse-depencies. There is also a chance that older versions are not even affected but without more information about this vulnerability we basically remain in the dark.For instance Tomcat [1] has a security page that links to the exact commits which addressed security vulnerabilities. We had hoped Jasperreports would provide the same kind of information.[1] https://tomcat.apache.org/security-7.html#Apache_Tomcat_7.x_vulnerabilities Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now