Security issues with BIRT

MarceloHC · May 26, 2017

<p>Good day. Recently, I've notice that the following JAR APIs embedded into the BIRT framework have security vulnerabilities and exposures opened against them.<br><br>
Do you have any plan to address these security issues? Thanks a lot in advance.<br>
</p>
<div><strong>axis.jar</strong></div>
<div>CVE-2012-5784</div>
<div>CVE-2014-3596</div>
<div> </div>
<div><strong>derby.jar</strong></div>
<div>CVE-2009-4269</div>
<div>CVE-2015-1832</div>
<div> </div>
<div><strong>org.apache.batik.css_1.6.0.v201011041432.jar</strong></div>
<div>CVE-2015-0250</div>
<div> </div>
<div><strong>org.apache.batik.pdf_1.6.0.v201105071520.jar</strong></div>
<div>CVE-2015-0250</div>
<div> </div>
<div><strong>org.apache.poi_3.9.0.v201303080712.jar</strong></div>
<div>CVE-2014-3529</div>
<div>CVE-2014-3574</div>
<div>CVE-2014-9527</div>
<div>CVE-2016-5000</div>
<div>CVE-2017-5644</div>
<div> </div>
<div><strong>org.eclipse.birt.report.data.oda.excel_4.4.1.v201408290142.jar: poi-ooxml-3.9-20121203.jar </strong></div>
<div>CVE-2014-3529</div>
<div>CVE-2014-3574</div>
<div>CVE-2014-9527</div>
<div>CVE-2016-5000</div>
<div>CVE-2017-5644</div>
<div> </div>
<div><strong>poi-ooxml-3.9-20121203.jar </strong></div>
<div>CVE-2014-3529</div>
<div>CVE-2014-3574</div>
<div>CVE-2014-9527</div>
<div>CVE-2016-5000</div>
<div>CVE-2017-5644</div>
<p><br>
</p>

Virgil Dodson · May 26, 2017

<p>Hi Marcelo, the way to communicate to the BIRT development team is through Eclipse Bugzilla <a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/enter_bug.cgi?product=BIRT'>https://bugs.eclipse.org/bugs/enter_bug.cgi?product=BIRT</a></p>
<p> </p>
<p>I did a quick search in Bugzilla and can see most of the vulnerabilities listed above have been reported for POI, Batik, and Axis. If there are vulnerabilities with Derby that effect you and other BIRT users, please report it in Bugzilla.</p>
<p> </p>
<p><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=480067'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=480067</a></p>
<p><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=517094'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=517094</a></p>
<p><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=452427'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=452427</a></p>
<p> </p>
<p>In Bugzilla, you can vote up the priority of a bug, add additional details, and add yourself to the CC list to get notified whenever that bug changes.</p>

MarceloHC · May 30, 2017

<p>Thanks for the prompt reply. I've opened the bug report:<br><br><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=517472'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=517472</a></p>
<p> </p>
<p>As this is security related issue, do you know how this request can be expedited / prioritized? </p>
<p> </p>
<p>Thanks in advance.</p>

Security issues with BIRT

Comments

Categories