[Git][security-tracker-team/security-tracker][master] libcommons-compress-java fixed in sid

Fri Nov 15 15:16:43 GMT 2024


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ec78ba85 by Moritz Muehlenhoff at 2024-11-15T16:16:34+01:00
libcommons-compress-java fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -77486,18 +77486,19 @@ CVE-2023-50257 (eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation o
 	NOTE: https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-v5r6-8mvh-cp98
 	NOTE: https://github.com/eProsima/Fast-DDS/commit/f2e5ceae8fbea0a6c9445a366faaca0b98a8ef86
 CVE-2024-26308 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
-	- libcommons-compress-java <unfixed> (bug #1064414)
+	- libcommons-compress-java 1.27.1-1 (bug #1064414)
 	[bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
 	[bullseye] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
 	[buster] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/02/19/2
 CVE-2024-25710 (Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability i ...)
-	- libcommons-compress-java <unfixed> (bug #1064413)
+	- libcommons-compress-java 1.27.1-1 (bug #1064413)
 	[bookworm] - libcommons-compress-java <no-dsa> (Minor issue)
 	[bullseye] - libcommons-compress-java <no-dsa> (Minor issue)
 	[buster] - libcommons-compress-java <no-dsa> (Minor issue)
 	NOTE: https://www.openwall.com/lists/oss-security/2024/02/19/1
 	NOTE: Related to and fixed by https://issues.apache.org/jira/browse/COMPRESS-632
+	NOTE: https://github.com/apache/commons-compress/commit/8a9a5847c04ae39a1d45b365f8bb82022466067d (commons-compress-1.26.0-RC1)
 CVE-2024-23114 (Deserialization of Untrusted Data vulnerability in Apache Camel Cassan ...)
 	NOT-FOR-US: Apache Camel
 CVE-2024-22369 (Deserialization of Untrusted Data vulnerability in Apache Camel SQL Co ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec78ba850dbef91f0f375b9e9b10829f0f49b1a6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ec78ba850dbef91f0f375b9e9b10829f0f49b1a6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20241115/6c4e3165/attachment.htm>
