On 05.03.2016 at 17:46, Gary Grosso wrote:
Hi Tilman,
My interest in this is only casual at this point (wanting only to be
knowledgeable if someone asks), but I am unable to find that message.
It was in the dev list - and here are my answers:
https://mail-archives.apache.org/mod_mbox/pdfbox-dev/201601.mbox/%3C56A378EC.4000705%40t-online.de%3E
https://mail-archives.apache.org/mod_mbox/pdfbox-dev/201601.mbox/%3C56A37B30.40502%40t-online.de%3E
Tilman
Thanks,
Gary
-----Original Message-----
From: Tilman Hausherr [mailto:[email protected]]
Sent: Saturday, March 5, 2016 2:28 AM
To: [email protected]
Subject: Re: PDFBox: Java Deserialization
I already answered on January 22.
Tilman
On 05.03.2016 at 00:01, Kiernan, Dan wrote:
Good afternoon, our company utilizes the PDFBox software and has been notified
by our internal IT staff that there is a potential risk for programs developed
with Java code, where they deserialize untrusted data without verifying the
results first. Would anyone on this mailing list be able to advise as to
whether this particular software is at risk?
Additional background about the vulnerability is available at the following web
link: http://cwe.mitre.org/data/definitions/502.html
Due to the nature of this particular risk our company is very concerned, and
any insight and assistance in determining this would be appreciated.
If there are any questions or concerns please do not hesitate to contact me.
Thank you,
Dan Kiernan
The Principal Financial Group(r)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]