Hi Tilman,

My interest in this is only casual at this point (wanting only to be knowledgeable if someone asks), but I am unable to find that message.

Thanks,
Gary

-----Original Message-----
From: Tilman Hausherr [mailto:[email protected]]
Sent: Saturday, March 5, 2016 2:28 AM
To: [email protected]
Subject: Re: PDFBox: Java Deserialization

I already answered on January 22.

Tilman

On 05.03.2016 at 00:01, Kiernan, Dan wrote:
> Good afternoon, our company utilizes the PDFBox software and has been
> notified by our internal IT staff that there is a potential risk for programs
> developed with Java code, where they deserialize untrusted data without
> verifying the results first. Would anyone on this mailing list be able to
> advise as to whether this particular software is at risk?
>
> Additional background about the vulnerability is available at the following
> web link: http://cwe.mitre.org/data/definitions/502.html
>
> Due to the nature of this particular risk our company is very concerned, and
> any insight and assistance in determining this would be appreciated.
> If there are any questions or concerns please do not hesitate
> to contact me.
>
> Thank you,
> Dan Kiernan
> The Principal Financial Group®

