[202012] Fix CVE-2017-1000487 security alert (#11635)

Why I did it
Fix CVE-2017-1000487 alert in thrift 0.14.1.
See https://nvd.nist.gov/vuln/detail/CVE-2017-1000487

How I did it
Change the version of org.codehaus.plexus:plexus-utils from 3.0.14 to 3.0.16.
This commit is contained in:
xumia 2022-08-08 12:48:30 +08:00 committed by GitHub
parent 14f93e15c6
commit 1c8c1a6010
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 0 deletions

View File

@ -26,6 +26,7 @@ $(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
patch -p1 < ../patch/0001-Remove-unneeded-packages.patch patch -p1 < ../patch/0001-Remove-unneeded-packages.patch
patch -p1 < ../patch/0002-Remove-minimist-packages.patch patch -p1 < ../patch/0002-Remove-minimist-packages.patch
patch -p1 < ../patch/0003-Remove-underscore-packages.patch patch -p1 < ../patch/0003-Remove-underscore-packages.patch
patch -p1 < ../patch/0002-cve-2017-1000487.patch
DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -d -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR) DEB_BUILD_OPTIONS=nocheck dpkg-buildpackage -d -rfakeroot -b -us -uc -j$(SONIC_CONFIG_MAKE_JOBS) --admindir $(SONIC_DPKG_ADMINDIR)
popd popd

View File

@ -0,0 +1 @@
../../thrift/patch/0002-cve-2017-1000487.patch