Parent Directory
| 
Revision Log
Fix subject
| 1 | akien | 966 | type: security |
| 2 | neoclust | 4937 | subject: Updated plexus-archiver package fixes security vulnerability |
| 3 | akien | 966 | CVE: |
| 4 | - CVE-2012-2098 | ||
| 5 | src: | ||
| 6 | 3: | ||
| 7 | core: | ||
| 8 | akien | 967 | - plexus-archiver-2.3-1.1.mga3 |
| 9 | akien | 966 | description: | |
| 10 | Algorithmic complexity vulnerability in the sorting algorithms in bzip2 | ||
| 11 | compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress | ||
| 12 | before 1.4.1 allows remote attackers to cause a denial of service (CPU | ||
| 13 | consumption) via a file with many repeating inputs (CVE-2012-2098). | ||
| 14 | |||
| 15 | plexus-archiver used an embedded copy of the affected code from Apache | ||
| 16 | Commons Compress, and therefore was affected by this. It has been patched | ||
| 17 | to use the apache-commons-compress package, in which this issue has already | ||
| 18 | been fixed, for bzip2 compression and decompression. | ||
| 19 | references: | ||
| 20 | - https://bugs.mageia.org/show_bug.cgi?id=6331 | ||
| 21 | - https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html | ||
| 22 | - https://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html | ||
| 23 | tmb | 989 | ID: MGASA-2014-0056 |
| ViewVC Help | |
| Powered by ViewVC 1.1.30 |