[SECURITY] Fedora 16 Update: apache-commons-compress-1.4.1-1.fc16
updates at fedoraproject.org
updates at fedoraproject.org
Sun Jun 3 23:26:27 UTC 2012
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-8465
2012-05-27 01:33:41
--------------------------------------------------------------------------------
Name : apache-commons-compress
Product : Fedora 16
Version : 1.4.1
Release : 1.fc16
URL : http://commons.apache.org/compress/
Summary : Java API for working with tar, zip and bzip2 files
Description :
The code in this component came from Avalon's Excalibur, but originally
from Ant, as far as life in Apache goes. The tar package is originally
Tim Endres' public domain package. The bzip2 package is based on the
work done by Keiron Liddle. It has migrated via:
Ant -> Avalon-Excalibur -> Commons-IO -> Commons-Compress.
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.1, fixing CVE-2012-2098
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 24 2012 Sandro Mathys <red at fedoraproject.org> - 1.4.1-1
- Updated to 1.4.1
- Fixes CVE-2012-2098 Low: Denial of Service
* Fri Apr 27 2012 Sandro Mathys <red at fedoraproject.org> - 1.4-1
- Updated to 1.4
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Nov 1 2011 Sandro Mathys <red at fedoraproject.org> - 1.3-1
- Updated to 1.3
* Thu Aug 4 2011 Sandro Mathys <red at fedoraproject.org> - 1.2-2
- Fixing mistake where different versions of the spec file got mixed up
* Thu Aug 4 2011 Sandro Mathys <red at fedoraproject.org> - 1.2-1
- Updated to 1.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #810406 - CVE-2012-2098 apache-commons-compress: denial of service flaw when compressing certain files
https://bugzilla.redhat.com/show_bug.cgi?id=810406
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update apache-commons-compress' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list