Fridrich Strba 2021-07-20 07:31:52 +00:00 committed by Git OBS Bridge
parent f1a1e1f506
commit 339061b9bf

@ -4,24 +4,24 @@ Tue Jul 20 07:17:33 UTC 2021 - Fridrich Strba <fstrba@suse.com>
- Updated to 1.21 - Updated to 1.21
* When reading a specially crafted 7Z archive, the construction of * When reading a specially crafted 7Z archive, the construction of
the list of codecs that decompress an entry can result in an the list of codecs that decompress an entry can result in an
infinite loop. This could be used to mount a denial of service infinite loop. This could be used to mount a denial of service
attack against services that use Compress' sevenz package. attack against services that use Compress' sevenz package.
(CVE-2021-35515, bsc#1188463) (CVE-2021-35515, bsc#1188463)
* When reading a specially crafted 7Z archive, Compress can be * When reading a specially crafted 7Z archive, Compress can be
made to allocate large amounts of memory that finally leads to made to allocate large amounts of memory that finally leads to
an out of memory error even for very small inputs. This could an out of memory error even for very small inputs. This could
be used to mount a denial of service attack against services be used to mount a denial of service attack against services
that use Compress' sevenz package. (CVE-2021-35516, bsc#1188464) that use Compress' sevenz package. (CVE-2021-35516, bsc#1188464)
* When reading a specially crafted TAR archive, Compress can be * When reading a specially crafted TAR archive, Compress can be
made to allocate large amounts of memory that finally leads to made to allocate large amounts of memory that finally leads to
an out of memory error even for very small inputs. This could be an out of memory error even for very small inputs. This could be
used to mount a denial of service attack against services that used to mount a denial of service attack against services that
use Compress' tar package. (CVE-2021-35517, bsc#1188465) use Compress' tar package. (CVE-2021-35517, bsc#1188465)
* When reading a specially crafted ZIP archive, Compress can be * When reading a specially crafted ZIP archive, Compress can be
made to allocate large amounts of memory that finally leads to made to allocate large amounts of memory that finally leads to
an out of memory error even for very small inputs. This could an out of memory error even for very small inputs. This could
be used to mount a denial of service attack against services be used to mount a denial of service attack against services
that use Compress' zip package. (CVE-2021-36090, bsc#1188466) that use Compress' zip package. (CVE-2021-36090, bsc#1188466)
- New dependency on asm3 for Pack200 compressor - New dependency on asm3 for Pack200 compressor
- Rebased patch fix_java_8_compatibility.patch to a new context and - Rebased patch fix_java_8_compatibility.patch to a new context and
added some new ocurrences added some new ocurrences
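
Review bot: The last entry in this hunk, "added some new ocurrences", misspells "occurrences" and does not say occurrences of what, so a reader of the changelog cannot tell what was added to fix_java_8_compatibility.patch. The old and new columns show the same wording for every line, so this change looks like a whitespace or indentation cleanup; if the entry is being touched anyway, correct the spelling and name what the rebased patch now covers. The four CVE entries already pair each CVE id with its bsc# reference, which is what downstream tracking needs, so no change is needed there.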