tika_1.22-1_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Mon Aug 5 11:09:53 BST 2019
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 05 Aug 2019 11:41:25 +0200
Source: tika
Architecture: source
Version: 1.22-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg at apache.org>
Closes: 933744 933745 933746
Changes:
tika (1.22-1) unstable; urgency=medium
.
* New upstream release
- Fixes CVE-2019-10088: A carefully crafted or corrupt zip file can cause
an out of memory error in RecursiveParserWrapper (Closes: #933744)
- Fixes CVE-2019-10094: A carefully crafted package/compressed file that,
when unzipped/uncompressed yields the same file (a quine), causes a stack
overflow error in RecursiveParserWrapper (Closes: #933746)
- Fixes CVE-2019-10093: A carefully crafted 2003ml or 2006ml file could
consume all available SAXParsers in the pool and lead to very long hangs.
(Closes: #933745)
- Refreshed the patches
- Ignore the new dependency on c3p0 (not used)
Checksums-Sha1:
69ec0990d617453dfe50b66c1fad682e3f11326c 2754 tika_1.22-1.dsc
88c6cc8d3b91c77a12f7eb421acc94cf65ee4fd4 23333532 tika_1.22.orig.tar.xz
e29a2e8bbbbfea3fd6b4554404d1ea742bee78b0 7640 tika_1.22-1.debian.tar.xz
454be34f89e6dfaccb2cc0f5f8d91da6a6c7b355 13207 tika_1.22-1_source.buildinfo
Checksums-Sha256:
ade5061dae979d66afa77b99e498c29ba6cec0e902f3700f6c87430e52030453 2754 tika_1.22-1.dsc
0407432e3581a65530fd8bff13f2848894b03b28fd46dc0dd7b16daa60b0f559 23333532 tika_1.22.orig.tar.xz
b4820f6b2d679f81256d584b96e26487e804b9448b0030808d4a87973d53b41f 7640 tika_1.22-1.debian.tar.xz
857a247817eb93f5d160a51df9b1aea56ef331633d7230b42312281e167ad6fd 13207 tika_1.22-1_source.buildinfo
Files:
9a53af116bd589963b241af204cb2db2 2754 java optional tika_1.22-1.dsc
ac1619d5a5612b5c2f2fb878225354ce 23333532 java optional tika_1.22.orig.tar.xz
e738ec8a00850fd72c579dfbbf15daee 7640 java optional tika_1.22-1.debian.tar.xz
0255bed2399db3962e55bcadaab90b20 13207 java optional tika_1.22-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAl1H+ssSHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsE+EQALAtKL/wuLNvZUK82WgK54pVUbdR7Igm
l2t9iv8JSbIWh3tqaOpQfORHzDNpOsy8sDmnaUaKB2pRl/GFLgvyWLoglc/nyLN+
Uq4PriQP2WfynEjyN5cDTe0BPX+YMO20Sd85ki/6cgF31i3KdAeH7wKob4Jc60/p
QRahBbDNVum8KB16+DQTv0Lzrx0tMpCcwRWSMGhPv0BFpOzDF5HdtWg33YG+1ysW
z8ev1eBunIuglxpPfX5muCluBv6V9skrNTTHypD+eumsOSwE2AI+VGNtfGcOioIh
1q0BD8kBK0iG+VSiy91QaH83ADt4cIHfeKnC+svrHA9aZM5cf4X2qtKILuCDuuQv
YXsHm/VX/YgNFkZ1jJER4gmiNkcMMI5ufUAAAIxeuhiovtywLC2QdqplwHB6HpuK
IQt2N/1jVXoPvZWcivuYyx3QW1fVi69ItlXqq1RxwjPFh3MVCiL7xNDFBnQyGdLH
bpw5Cil1PI507FIfEhSoaH6nzcEgVGTbhDHYF6LMeAoFA7vUaRQH5l4YOFTpJNRW
XGkpNSYfYw8ZxpsD6zFma3HuPzPipe04lnUG+LgnmosI7Lh5Tl50fLRquU8LaufY
cgO9R8IJF9qHiDlrU6NchCJ/3ttlIwHdL40M2XmaYZedME44lNiOc89QLSx/e443
CI8LHIJZ+OKn
=VfAq
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-java-maintainers
mailing list