Re: [birt-report-engine-dev] Vulnerabilities in Eclipse BIRT jars

Hi Paul,

Thanks for looking into this.
- I am using the OWASP Dependency Check tool for testing the vulnerabilities.
- Yes, I scanned BIRT 4.3.2 and 4.4 also, but the results are the same for these jars.

BR,
Ruchika


On Fri, Jun 27, 2014 at 3:52 AM, Paul Clenahan <PClenahan@xxxxxxxxxxx> wrote:

Hi Ruchika,

We are looking into this. A couple of quick questions:

- What testing tool are you using?
- BIRT 3.7.2 is an older BIRT release. Have you tested with BIRT 4.3.2 or 4.4?

Thanks.

Paul.

 

From: birt-report-engine-dev-bounces@xxxxxxxxxxx [mailto:birt-report-engine-dev-bounces@xxxxxxxxxxx] On Behalf Of Ruchika Mahajan
Sent: Monday, June 23, 2014 10:45 PM
To: birt-report-engine-dev@xxxxxxxxxxx
Subject: [birt-report-engine-dev] Vulnerabilities in Eclipse BIRT jars

 

Hi,

I am using the Eclipse BIRT 3.7.2 runtime environment. While scanning its libraries, I came across many high vulnerabilities in the three jars below.

org.eclipse.datatools.enablement.ibm.db2.luw.dbdefinition_1.0.4.v201107221502.jar

org.eclipse.datatools.enablement.ibm.db2.luw_1.0.2.v201107221502.jar

(Issues: CVE-2008-4692, CVE-2007-3676, CVE-2007-2582, CVE-2012-3324, CVE-2008-0699, CVE-2008-1998, CVE-2007-5652, CVE-2011-0731, CVE-2008-3958, CVE-2007-5090)

org.eclipse.datatools.enablement.mysql_1.0.2.v201109022323.jar

(Issues: CVE-2004-0836, CVE-2008-0226, CVE-2004-0835, CVE-2001-1454, CVE-2001-1274, CVE-2001-1275)

I also scanned the latest version, BIRT 4.3.2, but the results are the same. Please let me know whether we have a fix for any of these problems for these jars.

Thanks in advance!

Ruchika

