Posted to server-dev@james.apache.org by bt...@apache.org on 2018/08/21 02:44:52 UTC

[3/5] james-project git commit: JAMES-2426 Update commons-compress to 1.18

JAMES-2426 Update commons-compress to 1.18

This fixes CVE-2018-11771 which reported a denial of service.

From CVE announcement:

When reading a specially crafted ZIP archive, the read method of
ZipArchiveInputStream can fail to return the correct EOF indication
after the end of the stream has been reached.  When combined with a
java.io.InputStreamReader this can lead to an infinite stream, which
can be used to mount a denial of service attack against services that
use Compress' zip package.


Project: http://git-wip-us.apache.org/repos/asf/james-project/repo
Commit: http://git-wip-us.apache.org/repos/asf/james-project/commit/82c630b5
Tree: http://git-wip-us.apache.org/repos/asf/james-project/tree/82c630b5
Diff: http://git-wip-us.apache.org/repos/asf/james-project/diff/82c630b5

Branch: refs/heads/master
Commit: 82c630b5ec633d5720861790b5616f77ba844b0e
Parents: bec7e45
Author: Benoit Tellier <bt...@linagora.com>
Authored: Fri Aug 17 10:54:06 2018 +0700
Committer: Benoit Tellier <bt...@linagora.com>
Committed: Tue Aug 21 09:42:39 2018 +0700

----------------------------------------------------------------------
 mailbox/backup/pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/james-project/blob/82c630b5/mailbox/backup/pom.xml
----------------------------------------------------------------------
diff --git a/mailbox/backup/pom.xml b/mailbox/backup/pom.xml
index 7118ae5..82cc587 100644
--- a/mailbox/backup/pom.xml
+++ b/mailbox/backup/pom.xml
@@ -63,7 +63,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-compress</artifactId>
-            <version>1.17</version>
+            <version>1.18</version>
         </dependency>
         <dependency>
             <groupId>org.assertj</groupId>
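Review bot: The version is hardcoded as a literal on the `<version>1.18</version>` line of mailbox/backup/pom.xml, so this bump covers only this module's declaration of commons-compress. If any other module declares the artifact with its own version, or pulls it in transitively, it can still resolve to 1.17 and keep the ZipArchiveInputStream EOF problem described in the commit message. Consider moving the version into the parent pom's dependencyManagement (or a shared property) so the fix applies project-wide, and confirm the resolved version with `mvn dependency:tree -Dincludes=org.apache.commons:commons-compress`.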

