security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}

To: dev@tika.apache.org
Cc: debian-lts@lists.debian.org
Subject: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}
From: Hugo Lefeuvre <hle@owl.eu.com>
Date: Fri, 9 Aug 2019 16:14:27 +0200
Message-id: <[🔎] 20190809141427.GC4348@behemoth.owl.eu.com.local>

Dear tika developers,

I'd like to backport the security fixes for CVE-2019-10088, CVE-2019-10093
and CVE-2019-10094 to older tika releases in Debian.

I had a look at the changelog, the corresponding commit seems to be
https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f6

Can anybody confirm? Are there other fixes I should consider applying?

thanks!

regards,
Hugo Lefeuvre (Debian LTS team)

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}
  - From: Tim Allison <tallison@apache.org>

Prev by Date: Re: imagemagick: CVE-2019-13305/CVE-2019-13306
Next by Date: LTS
Previous by thread: Re: imagemagick: CVE-2019-13305/CVE-2019-13306
Next by thread: Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}
Index(es):
- Date
- Thread