creadur-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Philipp Ottlinger (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (RAT-214) Update commons-compress and apache-ant due to security problems
Date Mon, 14 Mar 2016 20:51:33 GMT

     [ https://issues.apache.org/jira/browse/RAT-214?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Philipp Ottlinger resolved RAT-214.
-----------------------------------
    Resolution: Fixed

applied updates via
URL: http://svn.apache.org/viewvc?rev=1734995&view=rev
* ANT: 1.7.1 -> 1.9.6
* COMPRESS: 1.5 -> 1.10

> Update commons-compress and apache-ant due to security problems
> ---------------------------------------------------------------
>
>                 Key: RAT-214
>                 URL: https://issues.apache.org/jira/browse/RAT-214
>             Project: Apache Rat
>          Issue Type: Bug
>    Affects Versions: 0.11
>            Reporter: Philipp Ottlinger
>            Assignee: Philipp Ottlinger
>             Fix For: 0.12
>
>
> Try to update 
> * commons-compress
> * apache-ant
> due to possible security problems.
> h3. Context
> Algorithmic complexity vulnerability in the sorting algorithms in
> bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons
> Compress before 1.4.1 and Apache Ant before 1.8.4 allows remote
> attackers to cause a denial of service (CPU consumption) via a file with
> many repeating inputs.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message