* CVE-2018-17201
  Description: "Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging."
  URL: https://lists.apache.org/thread.html/cd37861963aa6d2694c8947d464c99614d3e1a9db6c1a2a8b7b5840a@%3Cdev.commons.apache.org%3E
* CVE-2018-17202
  Description: "Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging."
  URL: https://lists.apache.org/thread.html/69204376d12205b0d2d90e6fcbeebb99b894e6db88c8ff565c4e1efa@%3Cdev.commons.apache.org%3E

Please bump to 1.0-alpha1 or newer (alpha2 is latest at time of writing).
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b85f0b6e93f0992b51ca729c1ff0494516104ae3

commit b85f0b6e93f0992b51ca729c1ff0494516104ae3
Author:     Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2022-01-22 19:17:22 +0000
Commit:     Florian Schmaus <flow@gentoo.org>
CommitDate: 2022-01-23 09:40:28 +0000

    dev-java/commons-imaging: bump to 1.0_alpha2

    Bug: https://bugs.gentoo.org/739352
    Package-Manager: Portage-3.0.28, Repoman-3.0.3
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Signed-off-by: Florian Schmaus <flow@gentoo.org>

 dev-java/commons-imaging/Manifest                  |  1 +
 .../commons-imaging-1.0_alpha2.ebuild              | 41 ++++++++++++++++++++++
 2 files changed, 42 insertions(+)

Thanks! All done.