Package        : libpdfbox-java
Version        : 1:1.7.0+dfsg-4+deb7u1
CVE ID         : CVE-2016-2175

Apache PDFBox did not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF. This may lead to the disclosure of confidential data, denial of service, server-side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.

For Debian 7 "Wheezy", these problems have been fixed in version 1:1.7.0+dfsg-4+deb7u1.

We recommend that you upgrade your libpdfbox-java packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS