CVE-2024-25710 (https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf):

Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

CVE-2024-26308 (https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg):

Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.

Please bump to 1.26.0.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=23e6126e78413dd3dfecec1f1621cb1ca99a37ae

commit 23e6126e78413dd3dfecec1f1621cb1ca99a37ae
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2024-02-20 10:42:43 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2024-03-04 09:13:58 +0000

    dev-java/commons-compress: add 1.26.0, drop 1.25.0 (CVE-2024-25710, CVE-2024-26308)

    Bug: https://bugs.gentoo.org/924996
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Closes: https://github.com/gentoo/gentoo/pull/35438
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 dev-java/commons-compress/Manifest | 4 ++--
 ...{commons-compress-1.25.0.ebuild => commons-compress-1.26.0.ebuild} | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5951aada98089449c636f4add627f42c579ceb5

commit e5951aada98089449c636f4add627f42c579ceb5
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2024-03-22 08:04:35 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2024-03-22 08:42:57 +0000

    dev-java/commons-compress: drop 1.21-r1

    Bug: https://bugs.gentoo.org/924996
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 dev-java/commons-compress/Manifest | 1 -
 .../commons-compress-1.21-r1.ebuild | 121 ---------------------
 2 files changed, 122 deletions(-)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8b91b5b15cf475f5a593aa616b7f4a6fb5fe6430

commit 8b91b5b15cf475f5a593aa616b7f4a6fb5fe6430
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2024-04-14 19:06:09 +0000
Commit: Miroslav Šulc <fordfrog@gentoo.org>
CommitDate: 2024-04-14 20:25:02 +0000

    dev-java/commons-compress: drop 1.26.0-r1

    Bug: https://bugs.gentoo.org/924996
    Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
    Signed-off-by: Miroslav Šulc <fordfrog@gentoo.org>

 dev-java/commons-compress/Manifest | 2 -
 .../commons-compress-1.26.0-r1.ebuild | 44 ------
 .../files/commons-compress-1.21-asm7+.patch | 164 ---------------------
 3 files changed, 210 deletions(-)