Bug 739352 (CVE-2018-17201, CVE-2018-17202) - dev-java/commons-imaging: Multiple vulnerabilities (CVE-2018-{17201,17202})
Summary: dev-java/commons-imaging: Multiple vulnerabilities (CVE-2018-{17201,17202})
Status: IN_PROGRESS
Alias: CVE-2018-17201, CVE-2018-17202
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~3 [ebuild cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2020-08-28 03:33 UTC by Sam James
Modified: 2020-08-28 03:35 UTC

See Also:
Package list:
Runtime testing required: ---


Description Sam James archtester gentoo-dev Security 2020-08-28 03:33:25 UTC
* CVE-2018-17201

Description:
"Certain input files could make the code hang when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging."

URL: https://lists.apache.org/thread.html/cd37861963aa6d2694c8947d464c99614d3e1a9db6c1a2a8b7b5840a@%3Cdev.commons.apache.org%3E

* CVE-2018-17202

Description:
"Certain input files could make the code to enter into an infinite loop when Apache Sanselan 0.97-incubator was used to parse them, which could be used in a DoS attack. Note that Apache Sanselan (incubating) was renamed to Apache Commons Imaging."

URL: https://lists.apache.org/thread.html/69204376d12205b0d2d90e6fcbeebb99b894e6db88c8ff565c4e1efa@%3Cdev.commons.apache.org%3E
Comment 1 Sam James archtester gentoo-dev Security 2020-08-28 03:34:16 UTC
Please bump to 1.0-alpha1 or newer (alpha2 is latest at time of writing).