On 2017-09-16 18:06, Andreas Beeker <[email protected]> wrote:
> The Apache POI project is pleased to announce the release of POI 3.17.
> Featured are a handful of new areas of functionality, and numerous bug fixes.
> Changes
> ------------
> The most notable changes in this release are:
>
> - Various modules: add sanity checks and fix infinite loops / OOMs caused by
>   fuzzed data

I've looked through the specific changes and several appear to be vulnerabilities (e.g. 61294 and 61300 among others). Is the POI project planning to get CVEs for these issues? If not, I'm happy to get them myself. It makes the world a better place :-)

Thanks,
David
