libapache-poi-java: CVE-2014-9527

Related Vulnerabilities: CVE-2014-9527  

Debian Bug report logs - #775171
libapache-poi-java: CVE-2014-9527

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Mon, 12 Jan 2015 06:33:02 UTC

Severity: important

Tags: security

Found in version libapache-poi-java/3.6+dfsg-2

Fixed in version libapache-poi-java/3.10.1-2

Done: Emmanuel Bourg <ebourg@apache.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#775171; Package libapache-poi-java. (Mon, 12 Jan 2015 06:33:07 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Mon, 12 Jan 2015 06:33:07 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libapache-poi-java: CVE-2014-9527
Date: Mon, 12 Jan 2015 07:26:24 +0100
Package: libapache-poi-java
Severity: important
Tags: security
Justification: user security hole

This was assigned CVE-2014-9527:
https://issues.apache.org/bugzilla/show_bug.cgi?id=57272

Could you please make a targeted fix for jessie?

Cheers,
        Moritz



Reply sent to Emmanuel Bourg <ebourg@apache.org>:
You have taken responsibility. (Mon, 12 Jan 2015 15:24:05 GMT).


Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Mon, 12 Jan 2015 15:24:05 GMT).


Message #10 received at 775171-close@bugs.debian.org:

From: Emmanuel Bourg <ebourg@apache.org>
To: 775171-close@bugs.debian.org
Subject: Bug#775171: fixed in libapache-poi-java 3.10.1-2
Date: Mon, 12 Jan 2015 15:20:36 +0000
Source: libapache-poi-java
Source-Version: 3.10.1-2

We believe that the bug you reported is fixed in the latest version of
libapache-poi-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 775171@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bourg <ebourg@apache.org> (supplier of updated libapache-poi-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 12 Jan 2015 15:06:33 +0100
Source: libapache-poi-java
Binary: libapache-poi-java libapache-poi-java-doc
Architecture: source all
Version: 3.10.1-2
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Description:
 libapache-poi-java - Apache POI - Java API for Microsoft Documents
 libapache-poi-java-doc - Apache POI - Java API for Microsoft Documents (Documentation)
Closes: 775171
Changes:
 libapache-poi-java (3.10.1-2) unstable; urgency=medium
 .
   * Fixed CVE-2014-9527: Infinite loop on corrupted PPT file (Closes: #775171)
   * Standards-Version updated to 3.9.6 (no changes)
   * Moved the package to Git




Marked as found in versions libapache-poi-java/3.6+dfsg-2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Mon, 12 Jan 2015 16:51:05 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 15 Feb 2015 07:30:32 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:05:50 2019; Machine Name: beach
