Modified: 
websites/production/commons/content/proper/commons-compress/japicmp.html
==============================================================================
--- websites/production/commons/content/proper/commons-compress/japicmp.html 
(original)
+++ websites/production/commons/content/proper/commons-compress/japicmp.html 
Mon Feb 19 01:48:59 2024
@@ -464,7 +464,7 @@ ul {
                     <td>New:</td><td>commons-compress-1.26.0.jar</td>
                 </tr>
                 <tr>
-                    <td>Created:</td><td>2024-02-19T01:13:43.967+0000</td>
+                    <td>Created:</td><td>2024-02-19T01:48:47.855+0000</td>
                 </tr>
                 <tr>
                     <td>Access modifier filter:</td><td>PROTECTED</td>
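
Review bot: the only change in this hunk is the "Created:" cell, which moves from 2024-02-19T01:13:43.967+0000 to 2024-02-19T01:48:47.855+0000 while the compared artifact (commons-compress-1.26.0.jar) stays the same. Committing a build timestamp into the published report produces a diff on every site regeneration. Consider dropping the timestamp from the generated page or pinning it to the release build time, so that a change to japicmp.html always reflects a change in the API comparison.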

Modified: 
websites/production/commons/content/proper/commons-compress/rat-report.html
==============================================================================
--- websites/production/commons/content/proper/commons-compress/rat-report.html 
(original)
+++ websites/production/commons/content/proper/commons-compress/rat-report.html 
Mon Feb 19 01:48:59 2024
@@ -287,7 +287,7 @@
 *****************************************************
 Summary
 -------
-Generated at: 2024-02-19T01:13:40Z
+Generated at: 2024-02-19T01:48:45Z
 
 Notes: 4
 Binaries: 2
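
Review bot: the "Generated at:" line is the sole difference here, and the summary counts below it (Notes: 4, Binaries: 2) are untouched context. If the report content did not change, this file could be left out of the commit, which would make the security.html change easier to find in the history.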

Modified: 
websites/production/commons/content/proper/commons-compress/security.html
==============================================================================
--- websites/production/commons/content/proper/commons-compress/security.html 
(original)
+++ websites/production/commons/content/proper/commons-compress/security.html 
Mon Feb 19 01:48:59 2024
@@ -274,6 +274,31 @@
         privately to the Apache Security Team. Thank you.</p>
 
         <section>
+<h3><a name="Fixed_in_Apache_Commons_Compress_1.26.0"></a>Fixed in Apache 
Commons Compress 1.26.0</h3>
+          
+<p><b>Important: Denial of Service</b> <a class="externalLink" 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25710";>CVE-2024-25710</a></p>
+          
+<p>This affects version 1.3 through 1.25.0.</p>
+          
+<p>This denial of service is caused by an infinite loop reading a corrupted 
DUMP file.</p>
+          
+<p>Users are recommended to upgrade to version 1.26.0 which fixes the 
issue.</p>
+          
+<p>Credit to Yakov Shafranovich, Amazon Web Services (reporter).</p>
+
+          
+<p><b>Moderate: Denial of Service</b> <a class="externalLink" 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26308";>CVE-2024-26308</a></p>
+          
+<p>You can get an OutOfMemoryError unpacking a broken Pack200 file.</p>
+          
+<p>This issue affects Commons Compress 1.21 before 1.26.0.</p>
+          
+<p>Users are recommended to upgrade to version 1.26.0 which fixes the 
issue.</p>
+          
+<p>Credit to Yakov Shafranovich, Amazon Web Services (reporter).</p>
+        </section>
+
+        <section>
 <h3><a name="Fixed_in_Apache_Commons_Compress_1.24.0"></a>Fixed in Apache 
Commons Compress 1.24.0</h3>
           
 <p><b>Moderate: Denial of Service</b> <a class="externalLink" 
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42503";>CVE-2023-42503</a></p>
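
Review bot: the two new entries state the affected range in different ways: "This affects version 1.3 through 1.25.0." for CVE-2024-25710 and "This issue affects Commons Compress 1.21 before 1.26.0." for CVE-2024-26308. The second is ambiguous without a "from" or "through". Suggest using one form for both, for example "1.21 through 1.25.0", and the same paragraph order in each entry (description, then affected versions), so that a reader checking a deployed version against the advisory can scan both entries the same way.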

