Bug#990345: zookeeper: various security issues

Christoph Anton Mitterer calestyo at scientia.net
Sun Jun 27 14:12:35 BST 2021


Hey.

On Sun, 2021-06-27 at 14:46 +0200, Salvatore Bonaccorso wrote:
> To me this looks like CVEs in other products, but which zookeeper uses
> as dependency? Is this correct?

Indeed, but I couldn't find that the zookeeper package depends on these
while it does contain:
zookeeper-3.4.13/src$ find . -iname "*nett*"
./java/main/org/apache/zookeeper/server/NettyServerCnxnFactory.java
./java/main/org/apache/zookeeper/server/NettyServerCnxn.java
./java/test/org/apache/zookeeper/server/NettyServerCnxnTest.java
./java/test/org/apache/zookeeper/test/NioNettySuiteTest.java
./java/test/org/apache/zookeeper/test/NioNettySuiteHammerTest.java
./java/test/org/apache/zookeeper/test/NioNettySuiteBase.java


... so I figured these might still be affected?


And apart from that... if they apparently don't support older versions
anymore, we'd likely not even notice should these contain any security
issues.


Cheers,
Chris.



More information about the pkg-java-maintainers mailing list