edubuntu-bugs team mailing list archive

[Launchpad Bug Tracker <1814133@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package libcommons-compress-java -
1.18-1~18.04

---------------
libcommons-compress-java (1.18-1~18.04) bionic; urgency=medium

  * Backport for OpenJDK 11 (dependency of libapache-poi-java). LP:
#1814133.

libcommons-compress-java (1.18-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.18.
    - Fix CVE-2018-11771.
      When reading a specially crafted ZIP archive, the read method of Apache
      Commons Compress ZipArchiveInputStream can fail to return the correct EOF
      indication after the end of the stream has been reached. When combined
      with a java.io.InputStreamReader this can lead to an infinite stream,
      which can be used to mount a denial of service attack against services
      that use Compress' zip package. Thanks to Salvatore Bonaccorso for the
      report. (Closes: #906301)
  * Declare compliance with Debian Policy 4.2.0.

libcommons-compress-java (1.17-1) unstable; urgency=medium

  * Team upload.
  * New upstream release
    - Removed the CVE-2018-1324 patch (fixed upstream)
    - New build dependency on libmaven-antrun-plugin-java
    - Disabled Brotli support (dependency not in Debian)
    - Disabled Zstandard support (dependency not in Debian)
  * Rebuilt with Java 8 compatibility (Closes: #903774)
  * Standards-Version updated to 4.1.5
  * Use salsa.debian.org Vcs-* URLs

 -- Matthias Klose <doko@xxxxxxxxxx>  Fri, 01 Mar 2019 17:57:29 +0100

** Changed in: libcommons-lang3-java (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Edubuntu
Bugsquad, which is subscribed to geogebra in Ubuntu.
https://bugs.launchpad.net/bugs/1814133

Title:
  update to openjdk 11 in 18.04 LTS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ca-certificates-java/+bug/1814133/+subscriptions