[ https://issues.apache.org/jira/browse/TIKA-932?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jukka Zitting resolved TIKA-932.
--------------------------------

    Resolution: Fixed

Done in revisions 1355521 and 1355562.

In addition to simply upgrading the dependency I also modified the relevant 
parser and detector code to take advantage of some of the new features 
(autodetection, new supported formats, etc.) in Commons Compress 1.4.1.
                
> Upgrade to Commons Compress 1.4.1
> ---------------------------------
>
>                 Key: TIKA-932
>                 URL: https://issues.apache.org/jira/browse/TIKA-932
>             Project: Tika
>          Issue Type: Improvement
>          Components: parser
>            Reporter: Jukka Zitting
>            Assignee: Jukka Zitting
>            Priority: Minor
>              Labels: security
>             Fix For: 1.2
>
>
> There's a denial of service vulnerability (CVE-2012-2098) in Commons Compress 
> versions up to 1.4 (we currently use 1.3) that can be triggered with a 
> specially crafted bzip2 document.
> Tika already has higher-level features (ForkParser, etc.) for dealing with 
> problems like this, but it would in any case be good to upgrade our Commons 
> Compress dependency to the new 1.4.1 release that fixes the vulnerability.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
