Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix CVE-2017-1000487 security alert (#7173) #7278

Merged
merged 1 commit into from
Jul 7, 2021
Merged

Fix CVE-2017-1000487 security alert (#7173) #7278

merged 1 commit into from
Jul 7, 2021

Conversation

xumia
Copy link
Collaborator

@xumia xumia commented Apr 9, 2021
edited
Loading

Why I did it

Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.

Upgrade to 3.0.16

How I did it

How to verify it

Which release branch to backport (provide reason below if selected)

  • 201811
  • 201911
  • 202006
  • 202012

Description for the changelog

A picture of a cute animal (not mandatory but encouraged)

@xumia
Fix CVE-2017-1000487 security alert (sonic-net#7173)
dc1828d 
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.

Upgrade to 3.0.16
qiluo-msft
qiluo-msft approved these changes Apr 9, 2021
View reviewed changes
Copy link
Collaborator

@qiluo-msft qiluo-msft left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

@xumia
Copy link
Collaborator Author

xumia commented Apr 28, 2021

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@xumia
Copy link
Collaborator Author

xumia commented Jul 7, 2021

/azp run

@azure-pipelines
Copy link

Azure Pipelines could not run because the pipeline triggers exclude this branch/path.

@xumia
Copy link
Collaborator Author

xumia commented Jul 7, 2021

/azp run

@azure-pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@xumia xumia merged commit 29311dc into sonic-net:201811 Jul 7, 2021
@xumia xumia deleted the security_CVE-2017-1000487_for_201811 branch July 7, 2021 23:42
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@qiluo-msft qiluo-msft qiluo-msft approved these changes

Assignees
No one assigned
Labels
Included in 201811 Branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@xumia @qiluo-msft @yxieca