Posted to commits@commons.apache.org by bo...@apache.org on 2018/05/06 10:40:31 UTC
commons-compress git commit: include CVE-2018-1324 in limitations page
Repository: commons-compress
Updated Branches:
refs/heads/master af0f6c83a -> d3dac8c0f
include CVE-2018-1324 in limitations page
Project: http://git-wip-us.apache.org/repos/asf/commons-compress/repo
Commit: http://git-wip-us.apache.org/repos/asf/commons-compress/commit/d3dac8c0
Tree: http://git-wip-us.apache.org/repos/asf/commons-compress/tree/d3dac8c0
Diff: http://git-wip-us.apache.org/repos/asf/commons-compress/diff/d3dac8c0
Branch: refs/heads/master
Commit: d3dac8c0f50b2e7ae97b764034823adce6878287
Parents: af0f6c8
Author: Stefan Bodewig <bo...@apache.org>
Authored: Sun May 6 12:40:03 2018 +0200
Committer: Stefan Bodewig <bo...@apache.org>
Committed: Sun May 6 12:40:03 2018 +0200
----------------------------------------------------------------------
src/site/xdoc/limitations.xml | 8 ++++++++
1 file changed, 8 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/commons-compress/blob/d3dac8c0/src/site/xdoc/limitations.xml
----------------------------------------------------------------------
diff --git a/src/site/xdoc/limitations.xml b/src/site/xdoc/limitations.xml
index c78adcc..3e9a826 100644
--- a/src/site/xdoc/limitations.xml
+++ b/src/site/xdoc/limitations.xml
@@ -214,6 +214,14 @@
<code>ZipEntry#getTime</code> under the covers which may
return different times for the same archive when using
different versions of Java.</li>
+ <li>In versions of Compress prior to 1.16 a specially crafted
+ ZIP archive can be used to cause an infinite loop inside of
+ Compress' extra field parser used by the <code>ZipFile</code>
+ and <code>ZipArchiveInputStream</code> classes. This can be
+ used to mount a denial of service attack against services
+ that use Compress' zip package. See the <a
+ href="security.html">Security Reports</a> page for
+ details.</li>
</ul>
</section>
<section name="Zstandard">
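Review bot: the added list item never names CVE-2018-1324, even though the commit subject does, so a reader searching the limitations page for that identifier will not find this entry. Consider putting the id in the item text, for example next to the "Security Reports" link. The item also gives the affected range only as "prior to 1.16" and leaves the remedy implicit. A short clause telling users to upgrade to 1.16 or later would make the entry actionable without a trip to security.html.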