pool/apache-commons-compress
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OBS-URL: https://build.opensuse.org/package/show/Java:packages/apache-commons-compress?expand=0&rev=20

Browse Source
This commit is contained in:
Fridrich Strba 2021-07-20 07:31:52 +00:00 committed by Git OBS Bridge
parent f1a1e1f506
commit 339061b9bf
1 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
apache-commons-compress.changes
View File

@ -4,24 +4,24 @@ Tue Jul 20 07:17:33 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Updated to 1.21
* When reading a specially crafted 7Z archive, the construction of
the list of codecs that decompress an entry can result in an
infinite loop. This could be used to mount a denial of service
attack against services that use Compress' sevenz package.
(CVE-2021-35515, bsc#1188463)
infinite loop. This could be used to mount a denial of service
attack against services that use Compress' sevenz package.
(CVE-2021-35515, bsc#1188463)
* When reading a specially crafted 7Z archive, Compress can be
made to allocate large amounts of memory that finally leads to
an out of memory error even for very small inputs. This could
be used to mount a denial of service attack against services
that use Compress' sevenz package. (CVE-2021-35516, bsc#1188464)
an out of memory error even for very small inputs. This could
be used to mount a denial of service attack against services
that use Compress' sevenz package. (CVE-2021-35516, bsc#1188464)
* When reading a specially crafted TAR archive, Compress can be
made to allocate large amounts of memory that finally leads to
an out of memory error even for very small inputs. This could be
used to mount a denial of service attack against services that
use Compress' tar package. (CVE-2021-35517, bsc#1188465)
an out of memory error even for very small inputs. This could be
used to mount a denial of service attack against services that
use Compress' tar package. (CVE-2021-35517, bsc#1188465)
* When reading a specially crafted ZIP archive, Compress can be
made to allocate large amounts of memory that finally leads to
an out of memory error even for very small inputs. This could
be used to mount a denial of service attack against services
that use Compress' zip package. (CVE-2021-36090, bsc#1188466)
an out of memory error even for very small inputs. This could
be used to mount a denial of service attack against services
that use Compress' zip package. (CVE-2021-36090, bsc#1188466)
- New dependency on asm3 for Pack200 compressor
- Rebased patch fix_java_8_compatibility.patch to a new context and
added some new ocurrences