Resolve CVE-2024-43485 #671

Closed


@borrow-checker added the sdk-net (Pull requests that update KSM .NET SDK code) and dependencies (Pull requests that update a dependency file) labels Oct 9, 2024
@borrow-checker self-assigned this Oct 9, 2024

@idimov-keeper (Collaborator) left a comment

8.05 is still an affected version
Patched versions are: 8.0.10 (or 6.0.35)
see GHSA-8g4q-xg66-9fp4

@idimov-keeper changed the base branch from master to release/sdk/dotnet/core/v16.6.8 October 9, 2024 15:26

@borrow-checker (Author)

> 8.05 is still an affected version
> Patched versions are: 8.0.10 (or 6.0.35)
> see GHSA-8g4q-xg66-9fp4

@idimov-keeper
According to that advisory 8.0.5 is the patched version. Furthermore, 8.0.10 doesn't exist on nuget.

@mike-jumper

> > 8.05 is still an affected version
> > Patched versions are: 8.0.10 (or 6.0.35)
> > see GHSA-8g4q-xg66-9fp4
>
> @idimov-keeper According to that advisory 8.0.5 is the patched version. Furthermore, 8.0.10 doesn't exist on nuget.

FYI:

If GitHub's advisory notes 8.0.5, it might just be wrong. I have yet to find any documentation outside GitHub's advisory that supports 8.0.5 as being the fixed version.

@borrow-checker (Author) commented Oct 9, 2024

> > > 8.05 is still an affected version
> > > Patched versions are: 8.0.10 (or 6.0.35)
> > > see GHSA-8g4q-xg66-9fp4
> >
> > @idimov-keeper According to that advisory 8.0.5 is the patched version. Furthermore, 8.0.10 doesn't exist on nuget.
>
> FYI:
>
> If GitHub's advisory notes 8.0.5, it might just be wrong. I have yet to find any documentation outside GitHub's advisory that supports 8.0.5 as being the fixed version.

@mike-jumper that's the .NET sdk build not the library version
If you look at nuget, it's the latest stable release, and released like 15 hours ago

@idimov-keeper deleted the CVE-2024-43485 branch December 13, 2024 01:01