Change logs for libcommons-compress-java source package in Disco

libcommons-compress-java (1.18-2) unstable; urgency=medium

  * Team upload.
  * Remove powermock from B-D. See #875358.
  * Declare compliance with Debian Policy 4.3.0.
  * Skip all the tests.

 -- Markus Koschany <email address hidden>  Fri, 01 Mar 2019 23:27:13 +0100

libcommons-compress-java (1.18-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.18.
    - Fix CVE-2018-11771.
      When reading a specially crafted ZIP archive, the read method of Apache
      Commons Compress ZipArchiveInputStream can fail to return the correct EOF
      indication after the end of the stream has been reached. When combined
      with a java.io.InputStreamReader this can lead to an infinite stream,
      which can be used to mount a denial of service attack against services
      that use Compress' zip package. Thanks to Salvatore Bonaccorso for the
      report. (Closes: #906301)
  * Declare compliance with Debian Policy 4.2.0.

 -- Markus Koschany <email address hidden>  Wed, 22 Aug 2018 21:43:55 +0200