Bug#825501: marked as done (CVE-2016-4434)

Sat, 19 Jan 2019 15:39:22 -0800 

Your message dated Sat, 19 Jan 2019 23:35:47 +0000
with message-id <e1gl09t-0002mx...@fasolo.debian.org>
and subject line Bug#825501: fixed in tika 1.18-1
has caused the Debian Bug report #825501,
regarding CVE-2016-4434
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
825501: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825501
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Source: tika
Severity: grave
Tags: security

Hi,
please see http://seclists.org/oss-sec/2016/q2/413  for details.

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: tika
Source-Version: 1.18-1

We believe that the bug you reported is fixed in the latest version of
tika, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 825...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg <ebo...@apache.org> (supplier of updated tika package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 20 Jan 2019 00:08:04 +0100
Source: tika
Binary: libtika-java
Architecture: source
Version: 1.18-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebo...@apache.org>
Description:
 libtika-java - Apache Tika - content analysis toolkit
Closes: 825501 900000
Changes:
 tika (1.18-1) unstable; urgency=medium
 .
   * New upstream release
     - Fixes CVE-2016-4434: XML External Entity vulnerability (Closes: #825501)
     - Fixes CVE-2018-1339: Infinite loop in the CHM parser (Closes: #900000)
     - Refreshed the patches
     - Ignore the new dl, eval, langdetect and nlp modules
     - New dependencies on libcommons-exec-java, libjackson2-annotations-java,
       libjackson2-core-java, libjackson2-databind-java, libhttpmime-java,
       libjsoup-java, libuima-core-java, libandroid-json-org-java
       and libjson-simple-java
     - Depend on libpdfbox2-java instead of libpdfbox-java
     - Depend on librome-java (>= 1.6)
     - Depend on libapache-mime4j-java (>= 0.8.1)
     - Depend on libapache-poi-java (>= 3.17)
     - Ignore the new parsers with missing dependencies
   * Enabled the mp4 parser
   * Fixed the build failure with Java 11
Checksums-Sha1:
 575e3b998aa917b405dc0d860d9254055ed35a9b 2668 tika_1.18-1.dsc
 5e3296e786017f6c48e5b037119e67def2b7b108 2460536 tika_1.18.orig.tar.xz
 7fa2e01a7b678acd0028c6f39ca57fc6ac76366c 7320 tika_1.18-1.debian.tar.xz
 1921c9105f2727a8094a9d2d906b0334f3598307 16596 tika_1.18-1_source.buildinfo
Checksums-Sha256:
 64eaa3dedec4a74f16b9d4b753aff226f671fa3399817e137dceb74e1828b84b 2668 
tika_1.18-1.dsc
 b107c1519f69cc041185984a765cc210d84063a77376ff7d726b504284be24d7 2460536 
tika_1.18.orig.tar.xz
 ef44ba42e64edd844bc4c410039278a2e49e904026d979f23a07e9e9f0c5a676 7320 
tika_1.18-1.debian.tar.xz
 b4c7d09d00afdb25f263a7f9fa78e4a911d2009e4bd79a5f1bd033615ce81284 16596 
tika_1.18-1_source.buildinfo
Files:
 76ece2170ee72d09da4f0a28e64b7156 2668 java optional tika_1.18-1.dsc
 8a059ae0583ee590437b70cbddcb1473 2460536 java optional tika_1.18.orig.tar.xz
 36aadb1079dfa3e34c4bb767b39eed56 7320 java optional tika_1.18-1.debian.tar.xz
 3fd0aaefd99a576a824db645f2da4892 16596 java optional 
tika_1.18-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlxDrmESHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCs2MYQAKv03Susi/IF0UkPZ6noCfvtzDewzewe
dNG7p6izgZd01FNPc+Tv4glLHbsN0LpU/OGVZgf4UJFld6pwmVPQr0msy171tjmr
A+UkQKeARq4zMPAAbs0tbtENEkTo2tNK6KfYil/Zu6fWkC4fy0aDgCwgubux0xoW
p1wrSxQ4IiSioNkI0abE/P5QguwSCiuX89rj0Y+VGcKuIrTm8tu2l33bvpgHDHXJ
m2iyB7EtvwlaEdSjkH8sPusAuutb/1d4gofCNwV5OoVsKBKv8RN73yxExeDf7K9e
mdFDMh1LnLx+7tCRwH1kEN1vwvKviuv60SLKcnfp9JyQ8g76fZn0WQCpo6HGMrij
lIgXvDE94O2+R09CqpJJVl7fe6GjVJo7DUnHOLnqHX7wx+qtuxoSGavQptSoOvGf
/6ITBu6TljTutEWNENcVYqZ1vEoDiODa2cmbYGkxHpjrLl1esnfQdrgGRh/1vKU1
20AvYyFwHDdfqC6T3Cg+cMLDZtnsAiyPkrkrjmCFbMF4u1LJYZ8Luon8uC+vm0Db
a03aSS5Y4FY7xDlNPa5iY9ZZWpiAuadezw11riUIqeXPIBur0xJQvLuW4/cWMGAt
mGRkHXeN44M1F+Qy4EPhX/t13GPkJ4tF4eiEoNWd0LTbrDPgBP6tXdRoOoY7xc4D
D1rUqW6jxCq8
=l2eo
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to