I did the upgrade in rev. 1342326; tests pass and the system seems to work properly (but I did a cursory review of applications). Please let me know if you see/experience any issues and I will fix them.
Regards, Jacopo On May 23, 2012, at 6:12 PM, Jacopo Cappellato wrote: > Yeah > > I got it earlier today too and I was in fact working on the upgrade > > Thanks > > Jacopo > > On May 23, 2012, at 6:07 PM, Adrian Crum wrote: > >> >> >> -------- Original Message -------- >> Subject: [CVE-2012-2098] Apache Commons Compress and Apache Ant denial >> of service vulnerability >> Date: Wed, 23 May 2012 16:00:48 +0200 >> From: Stefan Bodewig <bode...@apache.org> >> Reply-To: Commons Developers List <d...@commons.apache.org> >> To: d...@commons.apache.org, u...@commons.apache.org, d...@ant.apache.org, >> u...@ant.apache.org, annou...@apache.org, secur...@apache.org, >> full-disclos...@lists.grok.org.uk, bugt...@securityfocus.com, David Jorm >> <dj...@redhat.com> >> >> CVE-2012-2098: Apache Commons Compress and Apache Ant denial of service >> vulnerability >> >> Severity: Low >> >> Vendor: >> The Apache Software Foundation >> >> Versions Affected: >> Apache Commons Compress 1.0 to 1.4 >> Apache Ant 1.5 to 1.8.3 >> >> Description: >> The bzip2 compressing streams in Apache Commons Compress and Apache Ant >> internally use sorting algorithms with unacceptable worst-case >> performance on very repetitive inputs. A specially crafted input to >> Compress' BZip2CompressorOutputStream or Ant's <bzip2> task can be used >> to make the process spend a very long time while using up all available >> processing time effectively leading to a denial of service. >> >> Mitigation: >> Commons Compress users should upgrade to 1.4.1 >> Ant users should upgrade to 1.8.4 >> >> Credit: >> This issue was discovered by David Jorm of the Red Hat Security Response >> Team. >> >> References: >> >> http://commons.apache.org/compress/security.html >> http://ant.apache.org/security.html >> >> >> Stefan Bodewig >> >> >> <Attached Message Part.txt><Attached Message Part> >