[Git][security-tracker-team/security-tracker][master] libcommons-compress-java fixed in sid

Fri, 15 Nov 2024 07:16:58 -0800 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
ec78ba85 by Moritz Muehlenhoff at 2024-11-15T16:16:34+01:00
libcommons-compress-java fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77486,18 +77486,19 @@ CVE-2023-50257 (eProsima Fast DDS (formerly Fast 
RTPS) is a C++ implementation o
        NOTE: 
https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98
        NOTE: 
https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86
 CVE-2024-26308 (Allocation of Resources Without Limits or Throttling 
vulnerability in  ...)
-       - libcommons-compress-java <unfixed> (bug #1064414)
+       - libcommons-compress-java 1.27.1-1 (bug #1064414)
        [bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
        [bullseye] - libcommons-compress-java <not-affected> (Vulnerable code 
introduced later)
        [buster] - libcommons-compress-java <not-affected> (Vulnerable code 
introduced later)
        NOTE: https://www.openwall.com/lists/oss-security/2024/02/19/2
 CVE-2024-25710 (Loop with Unreachable Exit Condition ('Infinite Loop') 
vulnerability i ...)
-       - libcommons-compress-java <unfixed> (bug #1064413)
+       - libcommons-compress-java 1.27.1-1 (bug #1064413)
        [bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
        [bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
        [buster] - libcommons-compress-java <no-dsa> (Minor issue)
        NOTE: https://www.openwall.com/lists/oss-security/2024/02/19/1
        NOTE: Related to and fixed by 
https://issues.apache.org/jira/browse/COMPRESS-632
+       NOTE: 
https://github.com/apache/commons-compress/commit/8a9a5847c04ae39a1d45b365f8bb82022466067d
 (commons-compress-1.26.0-RC1)
 CVE-2024-23114 (Deserialization of Untrusted Data vulnerability in Apache 
Camel Cassan ...)
        NOT-FOR-US: Apache Camel
 CVE-2024-22369 (Deserialization of Untrusted Data vulnerability in Apache 
Camel SQL Co ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec78ba850dbef91f0f375b9e9b10829f0f49b1a6

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec78ba850dbef91f0f375b9e9b10829f0f49b1a6
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to