Bug#900953: plexus-archiver: CVE-2018-1002200
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 7 10:24:19 BST 2018
Source: plexus-archiver
Version: 3.5-1
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://github.com/codehaus-plexus/plexus-archiver/pull/87
Hi,
The following vulnerability was published for plexus-archiver.
CVE-2018-1002200[0]:
| arbitrary file write vulnerability / arbitrary code execution using a
| specially crafted zip file
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-1002200
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1002200
[1] https://github.com/codehaus-plexus/plexus-archiver/pull/87
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list