Bug#825501: CVE-2016-4434

2018-01-18 Thread Faidon Liambotis
On Thu, Jan 18, 2018 at 10:36:24PM +0100, Salvatore Bonaccorso wrote: > > > That link says: > > > Versions Affected: > > > Apache Tika 0.10 to 1.12 > > > > > > So perhaps 1.5 isn't affected after all? I tried to find the relevant > > > commit in the upstream git but failed :( > > > > Commit

Bug#825501: CVE-2016-4434

2018-01-18 Thread Salvatore Bonaccorso
Hi Faidon, On Fri, Jan 12, 2018 at 07:54:58PM +0100, Moritz Muehlenhoff wrote: > On Thu, Jan 11, 2018 at 02:03:23PM +0200, Faidon Liambotis wrote: > > On Fri, May 27, 2016 at 11:58:33AM +0200, Moritz Muehlenhoff wrote: > > > please see http://seclists.org/oss-sec/2016/q2/413 for details. > > > >

Bug#825501: CVE-2016-4434

2018-01-12 Thread Moritz Muehlenhoff
On Thu, Jan 11, 2018 at 02:03:23PM +0200, Faidon Liambotis wrote: > On Fri, May 27, 2016 at 11:58:33AM +0200, Moritz Muehlenhoff wrote: > > please see http://seclists.org/oss-sec/2016/q2/413 for details. > > That link says: > Versions Affected: > Apache Tika 0.10 to 1.12 > > So perhaps 1.5

Bug#825501: CVE-2016-4434

2018-01-11 Thread Faidon Liambotis
On Fri, May 27, 2016 at 11:58:33AM +0200, Moritz Muehlenhoff wrote: > please see http://seclists.org/oss-sec/2016/q2/413 for details. That link says: Versions Affected: Apache Tika 0.10 to 1.12 So perhaps 1.5 isn't affected after all? I tried to find the relevant commit in the upstream git

Bug#825501: CVE-2016-4434

2016-05-27 Thread Emmanuel Bourg
Thank you for the notice Moritz. Tika isn't really used in Debian yet, I packaged it as a dependency of Apache JMeter but didn't enable it. I'll fix it in unstable, but I don't think it's worth fixing in Jessie. Emmanuel Bourg

Bug#825501: CVE-2016-4434

2016-05-27 Thread Moritz Muehlenhoff
Source: tika Severity: grave Tags: security Hi, please see http://seclists.org/oss-sec/2016/q2/413 for details. Cheers, Moritz