[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

reproducing tika vulnerabilities in jessie/buster

Hi Emmanuel,

I'd like to determine the status of CVE-2019-10094, CVE-2019-10093 and
CVE-2019-10088 in tika[0] for jessie and buster.

I had a look at the source code: so far CVE-2019-10094 and CVE-2019-10088
don't seem to affect jessie. I have doubts concerning CVE-2019-10093.

Being able to reproduce these vulnerabilities would help.

I first thought of passing the reproducers to tika-app.jar, but it looks
like tika-app is not built by the Debian package. The POM is ignored. I
wonder why?

Since you are the Debian maintainer of this package, do you have any
advices which could help me to reproduce these vulnerabilties with the code
from jessie/buster?

thanks for your work!


[0] https://security-tracker.debian.org/tracker/source-package/tika

                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C

Attachment: signature.asc
Description: PGP signature

Reply to: