Format: 1.8 Date: Wed, 22 Aug 2018 21:43:55 +0200 Source: libcommons-compress-java Binary: libcommons-compress-java Architecture: all Version: 1.18-1 Distribution: cosmic-proposed Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Markus Koschany Description: libcommons-compress-java - Java API for working with compression and archive formats Closes: 906301 Changes: libcommons-compress-java (1.18-1) unstable; urgency=medium . * Team upload. * New upstream version 1.18. - Fix CVE-2018-11771. When reading a specially crafted ZIP archive, the read method of Apache Commons Compress ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream, which can be used to mount a denial of service attack against services that use Compress' zip package. Thanks to Salvatore Bonaccorso for the report. (Closes: #906301) * Declare compliance with Debian Policy 4.2.0. Checksums-Sha1: 3cea50f8adbf36c2008fbe30c03d86beb5a3d8ba 516560 libcommons-compress-java_1.18-1_all.deb 1a717fcf446ec7bf9b65bd119e4fbacc65541f9a 16228 libcommons-compress-java_1.18-1_amd64.buildinfo Checksums-Sha256: 065c2b2c44a7b76c79429c8d99afe912bd9a5786fa11bef39b243a2781701b21 516560 libcommons-compress-java_1.18-1_all.deb ffa90cd9813ff04e65105f71e9b9aefe214b5dd1361979091bcb142d121eebe7 16228 libcommons-compress-java_1.18-1_amd64.buildinfo Files: 5654135039156503be55115e86447955 516560 java optional libcommons-compress-java_1.18-1_all.deb 608dcb8d0150c7599744246300dc2aa4 16228 java optional libcommons-compress-java_1.18-1_amd64.buildinfo