Changelog
libcommons-compress-java (1.18-1~18.04) bionic; urgency=medium

  * Backport for OpenJDK 11 (dependency of libapache-poi-java). LP: #1814133.

libcommons-compress-java (1.18-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.18.
    - Fix CVE-2018-11771.
      When reading a specially crafted ZIP archive, the read method of Apache
      Commons Compress ZipArchiveInputStream can fail to return the correct EOF
      indication after the end of the stream has been reached. When combined
      with a java.io.InputStreamReader this can lead to an infinite stream,
      which can be used to mount a denial of service attack against services
      that use Compress' zip package. Thanks to Salvatore Bonaccorso for the
      report. (Closes: #906301)
  * Declare compliance with Debian Policy 4.2.0.

libcommons-compress-java (1.17-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Removed the CVE-2018-1324 patch (fixed upstream)
    - New build dependency on libmaven-antrun-plugin-java
    - Disabled Brotli support (dependency not in Debian)
    - Disabled Zstandard support (dependency not in Debian)
  * Rebuilt with Java 8 compatibility (Closes: #903774)
  * Standards-Version updated to 4.1.5
  * Use salsa.debian.org Vcs-* URLs

-- Matthias Klose <email address hidden> Fri, 01 Mar 2019 17:57:29 +0100