-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libpdfbox-java
Version        : 1:1.7.0+dfsg-4+deb7u1
CVE ID         : CVE-2016-2175


Apache PDFBox did not properly initialize the XML parsers, which
allows context-dependent attackers to conduct XML External Entity
(XXE) attacks via a crafted PDF. This may lead to the disclosure of
confidential data, denial of service, server side request forgery,
port scanning from the perspective of the machine where the parser is
located, and other system impacts.

For Debian 7 "Wheezy", these problems have been fixed in version
1:1.7.0+dfsg-4+deb7u1.

We recommend that you upgrade your libpdfbox-java packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJXV+QkXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1Hkg/AP/3HuIFIPLlfjfXMy/W4xaZGR
Qh+a/C5FGzwVntog5PAQ2qDHutDLkAtF/fs86i6rNun/BiaacEIK03uRFPvqnXl1
9nr8Lzbbn72mYM+Ve+d13AtdWC1npbUSubMIDGzBefqxRrpIrTXlUVQCNts9UL/U
2m7tuJdyEZXXYZ2inqA3ujN57ZD/RFB1dn78FWOQX7gAgVUvN+599aMwBo9Ge9NC
q3j/Ozf/tCs1Sy6ybi7Dn0lhHl5Af25lYgCYa2p4fpySSvLIGuogtOcjNTM6pAyc
wbJ0BBhxHjk8a6nj2AW0EdKSJLJGtoBPvvjjWE/REmiVH5CrdXtcA5IL+eQ/KsQI
QrldIlOAQZCJiI9MRyitq7xX4zGfPJZ/OpOD2m9l2a5sQ0Pv0gMoJ8Y1flAanNH1
Cu2hNnLuhHNoCp7m3VEVTPxIRPhaJre4Jg/NbGeGUKBfbTIS3mIqS83sUGYMxJrQ
2RWqGoPGVq5K2Xv+XUO1iObJpnSX0wyefcDc8hJS3p9pdBKSQv2mKrbTjF2lld1Q
J0201+vilPLsQQym9G1XoX/k+Q2s+eBM7pPKireFe+mStu2+DYdbh8pZLq/5Y6g9
u6jT3zMMTcl7HDSl2ro+Hg9j++Pl61qr2fI53IaThxNhL0c/6/JN2dawvrd0bZ+i
O4J6Z54BgDnfPDn+IUF8
=iomC
-----END PGP SIGNATURE-----

Reply via email to