tika-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jukka Zitting (JIRA)" <j...@apache.org>
Subject [jira] [Created] (TIKA-932) Upgrade to Commons Compress 1.4.1
Date Wed, 23 May 2012 14:58:40 GMT
Jukka Zitting created TIKA-932:
----------------------------------

             Summary: Upgrade to Commons Compress 1.4.1
                 Key: TIKA-932
                 URL: https://issues.apache.org/jira/browse/TIKA-932
             Project: Tika
          Issue Type: Improvement
          Components: parser
            Reporter: Jukka Zitting
            Assignee: Jukka Zitting
            Priority: Minor
             Fix For: 1.2


There's a denial of service vulnerability (CVE-2012-2098) in Commons Compress versions up
to 1.4 (we currently use 1.3) that can be triggered with a specially crafted bzip2 document.

Tika already has higher-level features (ForkParser, etc.) for dealing with problems like this,
but it would in any case be good to upgrade our Commons Compress dependency to the new 1.4.1
release that fixes the vulnerability.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message