Modified: websites/production/commons/content/proper/commons-compress/scm.html ============================================================================== --- websites/production/commons/content/proper/commons-compress/scm.html (original) +++ websites/production/commons/content/proper/commons-compress/scm.html Sat Jul 31 12:55:57 2021 @@ -1,13 +1,13 @@ <!DOCTYPE html> <!-- - | Generated by Apache Maven Doxia at 12 July 2021 + | Generated by Apache Maven Doxia at 31 July 2021 | Rendered using Apache Maven Fluido Skin 1.3.0 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta charset="iso-8859-1" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> - <meta name="Date-Revision-yyyymmdd" content="20210712" /> + <meta name="Date-Revision-yyyymmdd" content="20210731" /> <meta http-equiv="Content-Language" content="en" /> <title>Commons Compress – Source Code Management</title> @@ -40,7 +40,7 @@ <a class="brand" href="https://commons.apache.org/proper/commons-compress/">Apache Commons Compress ™</a> <ul class="nav"> - <li id="publishDate">Last Published: 12 July 2021</li> + <li id="publishDate">Last Published: 31 July 2021</li> <li class="divider">|</li> <li id="projectVersion">Version: 1.21</li> </ul> <div class="pull-right"> <ul class="nav">
Modified: websites/production/commons/content/proper/commons-compress/security-reports.html ============================================================================== --- websites/production/commons/content/proper/commons-compress/security-reports.html (original) +++ websites/production/commons/content/proper/commons-compress/security-reports.html Sat Jul 31 12:55:57 2021 @@ -1,6 +1,6 @@ <!DOCTYPE html> <!-- - | Generated by Apache Maven Doxia at 12 July 2021 + | Generated by Apache Maven Doxia at 31 July 2021 | Rendered using Apache Maven Fluido Skin 1.3.0 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> @@ -8,7 +8,7 @@ <meta charset="iso-8859-1" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="author" content="Commons Documentation Team" /> - <meta name="Date-Revision-yyyymmdd" content="20210712" /> + <meta name="Date-Revision-yyyymmdd" content="20210731" /> <meta http-equiv="Content-Language" content="en" /> <title>Commons Compress – Commons Compress Security Reports</title> @@ -41,7 +41,7 @@ <a class="brand" href="https://commons.apache.org/proper/commons-compress/">Apache Commons Compress ™</a> <ul class="nav"> - <li id="publishDate">Last Published: 12 July 2021</li> + <li id="publishDate">Last Published: 31 July 2021</li> <li class="divider">|</li> <li id="projectVersion">Version: 1.21</li> </ul> <div class="pull-right"> <ul class="nav"> 
@@ -334,101 +334,6 @@ privately to the Apache Security Team. Thank you.</p> <section> -<h3><a name="Fixed_in_Apache_Commons_Compress_1.21"></a>Fixed in Apache Commons Compress 1.21</h3> - -<p><b>Low: Denial of Service</b> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515">CVE-2021-35515</a></p> - - -<p>When reading a specially crafted 7Z archive, the construction of the - list of codecs that decompress an entry can result in an infinite - loop. This could be used to mount a denial of service attack against - services that use Compress' sevenz package.</p> - - -<p>This was fixed in revision <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=3fe6b42110dc56d0d6fe0aaf80cfecb8feea5321">3fe6b42</a>.</p> - - -<p>This issue was discovered by OSS Fuzz.</p> - - -<p>Affects: 1.6 - 1.20</p> - - -<p><b>Low: Denial of Service</b> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516">CVE-2021-35516</a></p> - - -<p>When reading a specially crafted 7Z archive, Compress can be made to - allocate large amounts of memory that finally leads to an out of memory - error even for very small inputs. 
This could be used to mount a denial - of service attack against services that use Compress' sevenz package.</p> - - -<p>This was fixed in revisions - <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=26924e96c7730db014c310757e11c9359db07f3e">26924e9</a>, - <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=c51de6cfaec75b21566374158f25e1734c3a94cb">c51de6c</a>, - <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=0aba8b8fd8053ae323f15d736d1762b2161c76a6">0aba8b8</a>, - <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=60d551a748236d7f4651a4ae88d5a351f7c5754b">60d551a</a>, - <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=bf5a5346ae04b9d2a5b0356ca75f11dcc8d94789">bf5a534</a>, - <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=5761493cbaf7a7d608a3b68f4d61aaa822dbeb4f">5761493</a>, - and <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ae2b27cc011f47f0289cb24a11f2d4f1db711f8a">ae2b27c</a> - .</p> - - -<p>This issue was first reported to the project's issue tracker as - <a class="externalLink" href="https://issues.apache.org/jira/browse/COMPRESS-542">COMPRESS-542</a> - by Robin Schimpf. - Later OSS Fuzz detected ways to exploit this issue which managed to - escape the initial attempt to fix it.</p> - - -<p>Affects: 1.6 - 1.20</p> - - -<p><b>Low: Denial of Service</b> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517">CVE-2021-35517</a></p> - - -<p>When reading a specially crafted TAR archive, Compress - can be made to allocate large amounts of memory that finally - leads to an out of memory error even for very small - inputs. 
This could be used to mount a denial of service - attack against services that use Compress' tar package.</p> - - -<p>This was fixed in revisions - <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=d0af873e77d16f41edfef7b69da5c8c35c96a650">d0af873</a>, - <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=7ce1b0796d6cbe1f41b969583bd49f33ae0efef0">7ce1b07</a> - and <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f">80124dd</a>.</p> - - -<p>This issue was discovered by OSS Fuzz.</p> - - -<p>Affects: 1.1 - 1.20</p> - - -<p><b>Low: Denial of Service</b> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090">CVE-2021-36090</a></p> - - -<p>When reading a specially crafted ZIP archive, Compress - can be made to allocate large amounts of memory that finally - leads to an out of memory error even for very small - inputs. 
This could be used to mount a denial of service - attack against services that use Compress' zip package.</p> - - -<p>This was fixed in revisions - <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=ef5d70b625000e38404194aaab311b771c44efda">ef5d70b</a> - and <a class="externalLink" href="https://gitbox.apache.org/repos/asf?p=commons-compress.git;a=commit;h=80124dd9fe4b0a0b2e203ca19aacac8cd0afc96f">80124dd</a>.</p> - - -<p>This issue was discovered by OSS Fuzz.</p> - - -<p>Affects: 1.0 - 1.20</p> - - </section> - - <section> <h3><a name="Fixed_in_Apache_Commons_Compress_1.19"></a>Fixed in Apache Commons Compress 1.19</h3> <p><b>Low: Denial of Service</b> <a class="externalLink" href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12402">CVE-2019-12402</a></p> Modified: websites/production/commons/content/proper/commons-compress/summary.html ============================================================================== --- websites/production/commons/content/proper/commons-compress/summary.html (original) +++ websites/production/commons/content/proper/commons-compress/summary.html Sat Jul 31 12:55:57 2021 @@ -1,13 +1,13 @@ <!DOCTYPE html> <!-- - | Generated by Apache Maven Doxia at 12 July 2021 + | Generated by Apache Maven Doxia at 31 July 2021 | Rendered using Apache Maven Fluido Skin 1.3.0 --> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta charset="iso-8859-1" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> - <meta name="Date-Revision-yyyymmdd" content="20210712" /> + <meta name="Date-Revision-yyyymmdd" content="20210731" /> <meta http-equiv="Content-Language" content="en" /> <title>Commons Compress – Project Summary</title> 
@@ -40,7 +40,7 @@ <a class="brand" href="https://commons.apache.org/proper/commons-compress/">Apache Commons Compress ™</a> <ul class="nav"> - <li id="publishDate">Last Published: 12 July 2021</li> + <li id="publishDate">Last Published: 31 July 2021</li> <li class="divider">|</li> <li id="projectVersion">Version: 1.21</li> </ul> <div class="pull-right"> <ul class="nav">
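Review bot: the security-reports.html hunk at @@ -334,101 +334,6 @@ deletes the entire "Fixed in Apache Commons Compress 1.21" section, and with it the entries for CVE-2021-35515, CVE-2021-35516, CVE-2021-35517 and CVE-2021-36090, while the navbar in the same file still reads "Version: 1.21". After this change the first section on the page is "Fixed in Apache Commons Compress 1.19", so the published page no longer tells users that 1.6 - 1.20 (sevenz), 1.1 - 1.20 (tar) and 1.0 - 1.20 (zip) are affected or which revisions fixed them, and the anchor Fixed_in_Apache_Commons_Compress_1.21 stops resolving for anyone linking to it. Nothing in the visible diff explains the removal. If it comes from regenerating the site from a tree whose security report source lacks the 1.21 entries, restore the section in that source and republish instead of shipping this hunk.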
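Review bot: the hunks in scm.html and summary.html, and the first two hunks in security-reports.html, change only the generation timestamp ("Generated by Apache Maven Doxia at", the Date-Revision-yyyymmdd meta value and the publishDate list item) from 12 July 2021 to 31 July 2021. That churn surrounds the one substantive change in this commit, the 95-line removal in security-reports.html, and makes it easy to miss in review. Consider committing the content change separately from the timestamp-only regeneration, or keeping the publish date stable when the page content has not changed.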
