Bug#825501: CVE-2016-4434

2019-01-03 Thread Cyril Brulebois
Hi everyone, Security team: thanks for your input. PuppetDB/Clojure maintainers: draft plan in this mail, feedback welcome. Moritz Mühlenhoff (2018-12-31): > On Mon, Dec 31, 2018 at 08:04:18AM +0100, Salvatore Bonaccorso wrote: > > Furthermore if we only update to 1.13 there are likely some of

Bug#825501: CVE-2016-4434

2018-12-31 Thread Moritz Mühlenhoff
On Mon, Dec 31, 2018 at 08:04:18AM +0100, Salvatore Bonaccorso wrote: > Hi Cyril, > > > https://security-tracker.debian.org/tracker/source-package/tika > > Furthermore if we only update to 1.13 there are likely some of the > currently CVEs which will make tika affected, because > the issue was

Bug#825501: CVE-2016-4434

2018-12-30 Thread Salvatore Bonaccorso
Hi Cyril, [I have not looked in detail on your proposal this is mainly focusing on one item below] On Mon, Dec 31, 2018 at 01:13:51AM +0100, Cyril Brulebois wrote: > Heya, > > Not the maintainer either, just joining the fun to see if I can help get > stuff to move; my main motivation behind this

Bug#825501: CVE-2016-4434

2018-12-30 Thread Cyril Brulebois
Heya, Not the maintainer either, just joining the fun to see if I can help get stuff to move; my main motivation behind this is trying to get the puppetdb → pantomime-clojure → tika dependency chain in a suitable state for buster (other *-clojure packages need fixing, but FTBFSes have patches/MRs

Bug#825501: CVE-2016-4434

2018-01-18 Thread Faidon Liambotis
On Thu, Jan 18, 2018 at 10:36:24PM +0100, Salvatore Bonaccorso wrote: > > > That link says: > > > Versions Affected: > > > Apache Tika 0.10 to 1.12 > > > > > > So perhaps 1.5 isn't affected after all? I tried to find the relevant > > > commit in the upstream git but failed :( > > > > Commit

Bug#825501: CVE-2016-4434

2018-01-18 Thread Salvatore Bonaccorso
Hi Faidon, On Fri, Jan 12, 2018 at 07:54:58PM +0100, Moritz Muehlenhoff wrote: > On Thu, Jan 11, 2018 at 02:03:23PM +0200, Faidon Liambotis wrote: > > On Fri, May 27, 2016 at 11:58:33AM +0200, Moritz Muehlenhoff wrote: > > > please see http://seclists.org/oss-sec/2016/q2/413 for details. > > >

Bug#825501: CVE-2016-4434

2018-01-12 Thread Moritz Muehlenhoff
On Thu, Jan 11, 2018 at 02:03:23PM +0200, Faidon Liambotis wrote: > On Fri, May 27, 2016 at 11:58:33AM +0200, Moritz Muehlenhoff wrote: > > please see http://seclists.org/oss-sec/2016/q2/413 for details. > > That link says: > Versions Affected: > Apache Tika 0.10 to 1.12 > > So perhaps 1.5

Bug#825501: CVE-2016-4434

2018-01-11 Thread Faidon Liambotis
On Fri, May 27, 2016 at 11:58:33AM +0200, Moritz Muehlenhoff wrote: > please see http://seclists.org/oss-sec/2016/q2/413 for details. That link says: Versions Affected: Apache Tika 0.10 to 1.12 So perhaps 1.5 isn't affected after all? I tried to find the relevant commit in the upstream git

Bug#825501: CVE-2016-4434

2016-05-27 Thread Emmanuel Bourg
Thank you for the notice Moritz. Tika isn't really used in Debian yet, I packaged it as a dependency of Apache JMeter but didn't enable it. I'll fix it in unstable, but I don't think it's worth fixing in Jessie. Emmanuel Bourg

Bug#825501: CVE-2016-4434

2016-05-27 Thread Moritz Muehlenhoff
Source: tika Severity: grave Tags: security Hi, please see http://seclists.org/oss-sec/2016/q2/413 for details. Cheers, Moritz