1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#1064413: libcommons-compress-java: CVE-2024-25710

    From Salvatore Bonaccorso@21:1/5 to All on Wed Feb 21 21:00:01 2024
    Source: libcommons-compress-java
    Version: 1.25.0-1
    Severity: important
    Tags: security upstream
    X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
    Control: found -1 1.22-1
    Control: found -1 1.20-1

    Hi,

    The following vulnerability was published for libcommons-compress-java.

    CVE-2024-25710[0]:
    | Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability
    | in Apache Commons Compress.This issue affects Apache Commons
    | Compress: from 1.3 through 1.25.0. Users are recommended to upgrade
    | to version 1.26.0 which fixes the issue.


    If you fix the vulnerability please also make sure to include the
    CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

    For further information see:

    [0] https://security-tracker.debian.org/tracker/CVE-2024-25710
    https://www.cve.org/CVERecord?id=CVE-2024-25710
    [1] https://www.openwall.com/lists/oss-security/2024/02/19/1

    Regards,
    Salvatore

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)