Tags: security upstream
the following vulnerability was published for libapache-poi-java, I
was not able to verify each other of the upstream bugs, but according
to  any version prior to 3.17 are affected.
Denial of Service Vulnerabilities
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.