CVE-2019-12402

Priority
Description
The file name encoding algorithm used internally in Apache Commons Compress
1.15 to 1.18 can get into an infinite loop when faced with specially
crafted inputs. This can lead to a denial of service attack if an attacker
can choose the file names inside of an archive created by Compress.
Notes
Package
Upstream: released (1.18-3)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (code not present)
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 19.04 (Disco Dingo): needed
Ubuntu 19.10 (Eoan): not-affected (1.18-3)
More Information

Updated: 2019-10-18 02:44:05 UTC (commit cccfc4426d8c1fbf582a89d981fe7fc812124543)