Hi Ruchika,
We are looking into this. A couple of quick questions:
-
What testing tool are you using?
-
BIRT 3.7.2 is an older BIRT release. Have you tested with BIRT 4.3.2 or 4.4?
Thanks.
Paul.
From: birt-report-engine-dev-bounces@xxxxxxxxxxx [mailto:birt-report-engine-dev-bounces@xxxxxxxxxxx]
On Behalf Of Ruchika Mahajan
Sent: Monday, June 23, 2014 10:45 PM
To: birt-report-engine-dev@xxxxxxxxxxx
Subject: [birt-report-engine-dev] Vulnerabilities in Eclipse BIRT jars
I am using Eclipse BIRT 3.7.2 runtime environment. While scanning its libraries, came across many high vulnerabilities in below three jars.
org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition_1.0.4.v201107221502.jar
org.eclipse.datatools.enablement.ibm.db2.luw_1.0.2.v201107221502.jar
Issues(CVE-2008-4692,CVE-2007-3676,CVE-2007-2582,CVE-2012-3324,CVE-2008-0699,CVE-2008-1998,CVE-2007-5652,CVE-2011-0731,CVE-2008-3958,CVE-2007-5090)
org.eclipse.datatools.enablement.mysql_1.0.2.v201109022323.jar
(Issues: CVE-2004-0836,CVE-2008-0226,CVE-2004-0835,CVE-2001-1454,CVE-2001-1274,CVE-2001-1275)
I scanned the latest version of BIRT 4.3.2 also but results are same. Please let me know do we have fix for any of these problems for these jars.
|