Accepted libapache-poi-java 3.17-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 17 Jan 2019 10:43:53 +0100
Source: libapache-poi-java
Binary: libapache-poi-java libapache-poi-java-doc
Architecture: source
Version: 3.17-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Description:
libapache-poi-java - Apache POI - Java API for Microsoft Documents
libapache-poi-java-doc - Apache POI - Java API for Microsoft Documents (Documentation)
Closes: 800958 858301 888651
Changes:
libapache-poi-java (3.17-1) unstable; urgency=medium
.
* Team upload.
* New upstream release (Closes: #800958)
- Fixes CVE-2017-5644: XML Entity Expansion (XEE) attack with specially
crafted OOXML file (Closes: #858301)
- Fixes CVE-2017-12626: Infinite Loops while parsing crafted WMF, EMF, MSG
and macros. Out of memory errors while parsing crafted DOC, PPT and XLS
(Closes: #888651)
- Refreshed the patches
- New dependencies on libcurvesapi-java and libcommons-collections4-java
- Updated the path to the Maven artifacts produced by the build
- Added xmlbeans to the build classpath
- Patched the xsds to resolve the external schemas in offline mode
- Disabled the JMH benchmarks
* Build with Java 8 temporarily
* Standards-Version updated to 4.3.0
Checksums-Sha1:
f3709123708d1e328d320baa668b2e065e4a96f3 2504 libapache-poi-java_3.17-1.dsc
6b31a72cdca37494362ca9a0dc9b2095d543ff26 71723032 libapache-poi-java_3.17.orig.tar.xz
3a3bebb374f4a459482092f1d5d115814e8aa03a 11736 libapache-poi-java_3.17-1.debian.tar.xz
309fe75367457bc457c1165558a61071865fcf2c 14547 libapache-poi-java_3.17-1_source.buildinfo
Checksums-Sha256:
112ae1fe5383bdaa9cf1db75b0eb65da5a319e4cf3efc5eb71732267e7bb2ba1 2504 libapache-poi-java_3.17-1.dsc
d6491e73830b0331e66a431fd9823f682ac1a81b80412f28658d32018b6dec1e 71723032 libapache-poi-java_3.17.orig.tar.xz
319489d9cf3b659f8d3369d53dc61c71c8e44558a064a13a9edcca473a6d677e 11736 libapache-poi-java_3.17-1.debian.tar.xz
3dc591d35fdf0bc203a3744ca0e11bc1d0c4d44b79541005407462f94dc72296 14547 libapache-poi-java_3.17-1_source.buildinfo
Files:
490ac72e18356a51470a5107d2a61f01 2504 java optional libapache-poi-java_3.17-1.dsc
85b30b6906fc2943cf2817c4f718b323 71723032 java optional libapache-poi-java_3.17.orig.tar.xz
c747cabf11998ed0a73aa6a9cfa3a1cd 11736 java optional libapache-poi-java_3.17-1.debian.tar.xz
955554d170ef838800e4a1543c728bcf 14547 java optional libapache-poi-java_3.17-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJGBAEBCgAwFiEEuM5N4hCA3PkD4WxA9RPEGeS50KwFAlxAVEMSHGVib3VyZ0Bh
cGFjaGUub3JnAAoJEPUTxBnkudCsIiIP/jlWPBZsfjuWDjuk+t1wyWi73X1iUu6N
t4nd9u4omGhCNjTVuCw825VoyHS3k7erXakyfMtxk5RpGLWn4Ifj2kEYHVfCYb4d
HMA94lu2tPpRhS5BCLN9H6BxskIPi06S1FYb5DqbT+m4ZIPDtMV5d8DG50F6xieh
ygM070ZyD3IYBblYKXkQmoBsL80c8gdCLIozJpbG3zMV69P6GQDwurAnajBs7tdY
vMP0h3nRyHn3IrlAHvrFgWy6xxlcMiv1y2G/xtREQr339rTqpIF7SZBSZ17gQIjY
srWwZygAIF8AKMjPpB0oNZZgGz0SnApgkpotgiaLVp9i7vHy2hMdtlIWoz0s9qoP
M9eQyvTMlWYh72vCiqc0guAycPBrFSKK/CdOHh38jAZYmU9hh/E6oEaQ1BHktIQp
edIw7/GSbAjkKdJKITfMt5KFd6LfFuJVUODuBFE/M1AGNCyu/PL7uFQfPmaURmRE
h/lFKUtX57Hk3EZx6OWQ3QJzt0volmoNTpY9O3kUlWI7XfWsxHpil0WxV3xV/zwv
Pl4FuTeNor14hXlwD4HbniDShwpyfUfma812b7cmAwP8qi51iUhsGV9NQNFunzo7
UkGBGKxPzb/MgqNOYvhdyBqjbP6sxFEp97mXbUkt7yM0ehLtROw9CTlz0MceWNX5
09UVHKPhvN0Y
=TMsi
-----END PGP SIGNATURE-----