I did the upgrade in rev. 1342326; tests pass and the system seems to work properly (but I did a cursory review of applications).
Please let me know if you see/experience any issues and I will fix them.
Regards,
Jacopo
On May 23, 2012, at 6:12 PM, Jacopo Cappellato wrote:
> Yeah
>
> I got it earlier today too and I was in fact working on the upgrade
>
> Thanks
>
> Jacopo
>
> On May 23, 2012, at 6:07 PM, Adrian Crum wrote:
>
>>
>>
>> -------- Original Message --------
>> Subject: [CVE-2012-2098] Apache Commons Compress and Apache Ant denial of service vulnerability
>> Date: Wed, 23 May 2012 16:00:48 +0200
>> From: Stefan Bodewig <
[hidden email]>
>> Reply-To: Commons Developers List <
[hidden email]>
>> To:
[hidden email],
[hidden email],
[hidden email],
[hidden email],
[hidden email],
[hidden email],
[hidden email],
[hidden email], David Jorm <
[hidden email]>
>>
>> CVE-2012-2098: Apache Commons Compress and Apache Ant denial of service
>> vulnerability
>>
>> Severity: Low
>>
>> Vendor:
>> The Apache Software Foundation
>>
>> Versions Affected:
>> Apache Commons Compress 1.0 to 1.4
>> Apache Ant 1.5 to 1.8.3
>>
>> Description:
>> The bzip2 compressing streams in Apache Commons Compress and Apache Ant
>> internally use sorting algorithms with unacceptable worst-case
>> performance on very repetitive inputs. A specially crafted input to
>> Compress' BZip2CompressorOutputStream or Ant's <bzip2> task can be used
>> to make the process spend a very long time while using up all available
>> processing time effectively leading to a denial of service.
>>
>> Mitigation:
>> Commons Compress users should upgrade to 1.4.1
>> Ant users should upgrade to 1.8.4
>>
>> Credit:
>> This issue was discovered by David Jorm of the Red Hat Security Response
>> Team.
>>
>> References:
>>
>>
http://commons.apache.org/compress/security.html>>
http://ant.apache.org/security.html>>
>>
>> Stefan Bodewig
>>
>>
>> <Attached Message Part.txt><Attached Message Part>
>
Locked
Attached Message Part