Your message dated Tue, 22 Jan 2019 09:36:20 +0000
with message-id <[email protected]>
and subject line Bug#914643: fixed in tika 1.20-1
has caused the Debian Bug report #914643,
regarding tika: CVE-2018-8017
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
914643: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914643
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tika
Version: 1.5-5
Severity: important
Tags: security upstream
Hi,
The following vulnerability was published for tika.
CVE-2018-8017[0]:
| In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an
| infinite loop in the IptcAnpaParser.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-8017
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8017
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tika
Source-Version: 1.20-1
We believe that the bug you reported is fixed in the latest version of
tika, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emmanuel Bourg <[email protected]> (supplier of updated tika package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 22 Jan 2019 10:19:46 +0100
Source: tika
Binary: libtika-java
Architecture: source
Version: 1.20-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Emmanuel Bourg <[email protected]>
Description:
libtika-java - Apache Tika - content analysis toolkit
Closes: 914643
Changes:
tika (1.20-1) unstable; urgency=medium
.
* New upstream release
- Fixes CVE-2018-8017: Infinite loop in the IptcAnpaParser (Closes:
#914643)
- Refreshed the patches
- New dependency on libgeronimo-annotation-1.3-spec-java
- Depend on libapache-poi-java (>= 4.0)
- New build dependency on libmaven-shade-plugin-java
Checksums-Sha1:
1f54bb95614a92f4a99a5bbbbc44a571ee740642 2733 tika_1.20-1.dsc
0d6d3de71527f2120128d5631abaf2ed93a7627e 2507360 tika_1.20.orig.tar.xz
4eb3c76e81f0b17de3c2b74e56cc7eef456f21aa 7304 tika_1.20-1.debian.tar.xz
89a4ca37a4c2ac2142f66538f1efe463e4c24397 16286 tika_1.20-1_source.buildinfo
Checksums-Sha256:
562b064ae18187e97d830bd60b572834f2284fbc379a0f6dd3a4230557fff26d 2733
tika_1.20-1.dsc
f845d42801bb6a1bed4206728127f37054f923e4ca93999bc1bd9b3c8efd49d0 2507360
tika_1.20.orig.tar.xz
199808667eb2f73de656906da96bb0fc58a3c9b5670f1a0f19df45d6b0e345a3 7304
tika_1.20-1.debian.tar.xz
5828d1fb8ed91d4e420b3164fe02d6840b2cbda67be481706c5cb90343992e24 16286
tika_1.20-1_source.buildinfo
Files:
a01b1a235a41bb1d6931b5fdc634defa 2733 java optional tika_1.20-1.dsc
c31731bf49473d574a244ccd0b9dd92a 2507360 java optional tika_1.20.orig.tar.xz
73f43e860f9e62361e6bd67dd453c4f1 7304 java optional tika_1.20-1.debian.tar.xz
2778c894b97da40252222ddfe9e52d95 16286 java optional
tika_1.20-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlxG4GkSHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsLB8QAKg0rDOs5u6kaArKCSFLi0cULdlWBu+S
LsUiU0iT7dci8XBbPFLy8MkMVMgKFnqsktlZ0mqFdW/KeqNi4Tu8uA2Zf7chdwuQ
e/Y37gu/+4omUiJZPnYXV+3qax8vr3MbbrC4B+EROMPTkegD0lbNXAUafEFnC3ex
gliCUXYXwS8Kn1oF2qHeihhO3wqWHu6P9u5D/AAdcbkr6/DOnk52RhW6iM0kcyML
3zwcEdaQWdg4+Xt6CPh3EcLj2zoinmm5PV1C9ek0A96wGS89BdLQy7Sb1gHbcpuE
Gcj7q8gkHMu/8Y2h1FHU8gXQmj6NSvlGAnooO8BRZBG06G8qkCxOFWmU6s4GyxkQ
RVaYzAiuTe3Rq37kS34TmeJCttDEl1lPFIZl3hkNJwP9SuytG2xVAN5PI3rW3kLt
/q/qGzY6AbGeoUHhSQb15oeGpI42G5FZF6/3IMXQ87QrqCFMICWeD9UKRr/4v5QX
OJzYPNDK1SE9UHHrqILBxYU7eH8cs205ERy48UjlUOMiUzaAuakySbHVEMpXe/6i
TKMXFgCfB2GkY2+d33CyiQB7D6kqTuMNWnZMt7/0858ME5qjVt2pIhvmFZKFT0dz
5eZnm+wpDzbO+ucCR5Duj+2nqLyd4fKDamrR9qjEhm5qzzAuEV3cIwza15WmuuGm
4LhYRG4RIJmb
=b2dA
-----END PGP SIGNATURE-----
--- End Message ---
