Security issues with BIRT
<p>Good day. Recently, I've noticed that the following JAR APIs embedded into the BIRT framework have security vulnerabilities and exposures opened against them.<br><br>
Do you have any plan to address these security issues? Thanks a lot in advance.<br>
</p>
<div><strong>axis.jar</strong></div>
<div>CVE-2012-5784</div>
<div>CVE-2014-3596</div>
<div> </div>
<div><strong>derby.jar</strong></div>
<div>CVE-2009-4269</div>
<div>CVE-2015-1832</div>
<div> </div>
<div><strong>org.apache.batik.css_1.6.0.v201011041432.jar</strong></div>
<div>CVE-2015-0250</div>
<div> </div>
<div><strong>org.apache.batik.pdf_1.6.0.v201105071520.jar</strong></div>
<div>CVE-2015-0250</div>
<div> </div>
<div><strong>org.apache.poi_3.9.0.v201303080712.jar</strong></div>
<div>CVE-2014-3529</div>
<div>CVE-2014-3574</div>
<div>CVE-2014-9527</div>
<div>CVE-2016-5000</div>
<div>CVE-2017-5644</div>
<div> </div>
<div><strong>org.eclipse.birt.report.data.oda.excel_4.4.1.v201408290142.jar: poi-ooxml-3.9-20121203.jar </strong></div>
<div>CVE-2014-3529</div>
<div>CVE-2014-3574</div>
<div>CVE-2014-9527</div>
<div>CVE-2016-5000</div>
<div>CVE-2017-5644</div>
<div> </div>
<div><strong>poi-ooxml-3.9-20121203.jar </strong></div>
<div>CVE-2014-3529</div>
<div>CVE-2014-3574</div>
<div>CVE-2014-9527</div>
<div>CVE-2016-5000</div>
<div>CVE-2017-5644</div>
<p><br>
</p>
Comments
-
<p>Hi Marcelo, the way to communicate to the BIRT development team is through Eclipse Bugzilla <a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/enter_bug.cgi?product=BIRT'>https://bugs.eclipse.org/bugs/enter_bug.cgi?product=BIRT</a></p>
<p> </p>
<p>I did a quick search in Bugzilla and can see most of the vulnerabilities listed above have been reported for POI, Batik, and Axis. If there are vulnerabilities with Derby that affect you and other BIRT users, please report them in Bugzilla.</p>
<p> </p>
<p><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=480067'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=480067</a></p>
<p><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=517094'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=517094</a></p>
<p><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=452427'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=452427</a></p>
<p> </p>
<p>In Bugzilla, you can vote up the priority of a bug, add additional details, and add yourself to the CC list to get notified whenever that bug changes.</p>
-
<p>Thanks for the prompt reply. I've opened the bug report:<br><br><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=517472'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=517472</a></p>
<p> </p>
<p>As this is a security-related issue, do you know how this request can be expedited / prioritized?</p>
<p> </p>
<p>Thanks in advance.</p>