Candidate: CVE-2012-2098
PublicDate: 2012-06-29 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098
 http://www.securitytracker.com/id?1027096
 http://secunia.com/advisories/49255
 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081746.html
 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html
 http://commons.apache.org/compress/security.html
 http://ant.apache.org/security.html
Description:
 Algorithmic complexity vulnerability in the sorting algorithms in bzip2
 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress
 before 1.4.1 allows remote attackers to cause a denial of service (CPU
 consumption) via a file with many repeating inputs.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674448
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_libcommons-compress-java:
upstream_libcommons-compress-java: released (1.4.1-1)
hardy_libcommons-compress-java: DNE
lucid_libcommons-compress-java: ignored (reached end-of-life)
natty_libcommons-compress-java: ignored (reached end-of-life)
oneiric_libcommons-compress-java: ignored (reached end-of-life)
precise_libcommons-compress-java: ignored (reached end-of-life)
precise/esm_libcommons-compress-java: DNE (precise was needed)
quantal_libcommons-compress-java: not-affected (1.4.1-1)
raring_libcommons-compress-java: not-affected (1.4.1-1)
saucy_libcommons-compress-java: not-affected (1.4.1-1)
trusty_libcommons-compress-java: not-affected (1.4.1-1)
trusty/esm_libcommons-compress-java: DNE (trusty was not-affected [1.4.1-1])
utopic_libcommons-compress-java: not-affected (1.4.1-1)
vivid_libcommons-compress-java: not-affected (1.4.1-1)
vivid/stable-phone-overlay_libcommons-compress-java: DNE
vivid/ubuntu-core_libcommons-compress-java: DNE
wily_libcommons-compress-java: not-affected (1.4.1-1)
xenial_libcommons-compress-java: not-affected (1.4.1-1)
yakkety_libcommons-compress-java: not-affected (1.4.1-1)
zesty_libcommons-compress-java: not-affected (1.4.1-1)
devel_libcommons-compress-java: not-affected (1.4.1-1)