ID: 0042747
Type: backport
Category: [Openbravo ERP] A. Platform
Severity: minor
Reproducibility: have not tried
Date Submitted: 2020-01-08 15:15
Last Update: 2020-01-10 09:15
Reporter: alostale
View Status: public
Assigned To: alostale
Priority: normal
Resolution: fixed
Fixed in Version: 3.0PR20Q1
Status: closed
Fixed in SCM revision: 223d941a1d73
Projection: none
ETA: none
Target Version: 3.0PR20Q1
OS: Any
Database: Any
Review Assigned To: caristu
Modules: Core
Triggers an Emergency Pack: No

Summary: 0042747: CVE in quartz 2.3.1

Description: Current quartz 2.3.1 has a known vulnerability (CVE-2019-13990 [1]).

Even though it is not exploitable for Openbravo, as it only has an effect when jobs are defined as XML files, we should update to the latest version.

[1] https://nvd.nist.gov/vuln/detail/2019-13990

Steps To Reproduce: Not exploitable for Openbravo (see description).

Proposed Solution: Update to the current latest version, 2.3.2, which solves the issue [1].

[1] https://github.com/quartz-scheduler/quartz/issues/467

Tags: No tags attached.
- Relationships
blocks defect 0042746 (closed, alostale): CVE in quartz 2.3.1

- Notes
(0116754)
hgbot (developer)
2020-01-10 09:02

Repository: erp/backports/3.0PR20Q1
Changeset: 223d941a1d73e88d9df300791d5dffb083661b79
Author: Asier Lostalé <asier.lostale <at> openbravo.com>
Date: Wed Jan 08 15:20:48 2020 +0100
URL: http://code.openbravo.com/erp/backports/3.0PR20Q1/rev/223d941a1d73e88d9df300791d5dffb083661b79

fixed BUG-42747: CVE in quartz 2.3.1

  Updated quartz to 2.3.2 to solve reported CVE.

---
M legal/Licensing.txt
A lib/runtime/quartz-2.3.2.jar
R lib/runtime/quartz-2.3.1.jar
---
(0116756)
caristu (developer)
2020-01-10 09:15

Reviewed

- Issue History
Date Modified Username Field Change
2020-01-08 15:33 alostale Type defect => backport
2020-01-08 15:33 alostale Target Version => 3.0PR20Q1
2020-01-08 15:33 alostale Assigned To platform => alostale
2020-01-10 09:02 hgbot Checkin
2020-01-10 09:02 hgbot Note Added: 0116754
2020-01-10 09:02 hgbot Status scheduled => resolved
2020-01-10 09:02 hgbot Resolution open => fixed
2020-01-10 09:02 hgbot Fixed in SCM revision => http://code.openbravo.com/erp/backports/3.0PR20Q1/rev/223d941a1d73e88d9df300791d5dffb083661b79
2020-01-10 09:15 caristu Note Added: 0116756
2020-01-10 09:15 caristu Status resolved => closed
2020-01-10 09:15 caristu Fixed in Version => 3.0PR20Q1

