{"id":"MGASA-2014-0056","summary":"Updated plexus-archiver package fixes security vulnerability","details":"Algorithmic complexity vulnerability in the sorting algorithms in bzip2\ncompressing stream (BZip2CompressorOutputStream) in Apache Commons Compress\nbefore 1.4.1 allows remote attackers to cause a denial of service (CPU\nconsumption) via a file with many repeating inputs (CVE-2012-2098).\n\nplexus-archiver used an embedded copy of the affected code from Apache\nCommons Compress, and therefore was affected by this.  It has been patched\nto use the apache-commons-compress package, in which this issue has already\nbeen fixed, for bzip2 compression and decompression.\n","modified":"2026-04-16T06:22:53.548382295Z","published":"2014-02-12T17:07:07Z","upstream":["CVE-2012-2098"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0056.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=6331"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081697.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2013-May/105060.html"}],"affected":[{"package":{"name":"plexus-archiver","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/plexus-archiver?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3-1.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0056.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}