Y. You got CVE-2019-10088: https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6
Two other commits you'll want are the following CVE-2019-10093: https://github.com/apache/tika/commit/81c21ab0aac6b3e4102a1a8906c8c7eab6f96dae CVE-2019-10094: https://github.com/apache/tika/commit/c4e63c9be8665cccea8b680c59a6f5cfbc03e0fc On Fri, Aug 9, 2019 at 10:14 AM Hugo Lefeuvre <[email protected]> wrote: > > Dear tika developers, > > I'd like to backport the security fixes for CVE-2019-10088, CVE-2019-10093 > and CVE-2019-10094 to older tika releases in Debian. > > I had a look at the changelog, the corresponding commit seems to be > https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6 > > Can anybody confirm? Are there other fixes I should consider applying? > > thanks! > > regards, > Hugo Lefeuvre (Debian LTS team) > > -- > Hugo Lefeuvre (hle) | www.owl.eu.com > RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD > ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
