Accepted libpdfbox-java 1:1.7.0+dfsg-4+deb7u1 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 06 Jun 2016 13:28:50 +0200
Source: libpdfbox-java
Binary: libpdfbox-java libpdfbox-java-doc libjempbox-java libjempbox-java-doc libfontbox-java libfontbox-java-doc
Architecture: source all
Version: 1:1.7.0+dfsg-4+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libfontbox-java - Java font library
libfontbox-java-doc - Java font library (Documentation)
libjempbox-java - XMP Compatible Java Library
libjempbox-java-doc - XMP Compatible Java Library (documentation)
libpdfbox-java - PDF library for Java
libpdfbox-java-doc - PDF library for Java (documentation)
Changes:
libpdfbox-java (1:1.7.0+dfsg-4+deb7u1) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2016-2175:
Apache PDFBox parses different XML data within PDF files such as XMP and
the initialization of the XML parsers did not protect against XML External
Entity (XXE) vulnerabilities. According to www.owasp.org: "This attack
may lead to the disclosure of confidential data, denial of service, server
side request forgery, port scanning from the perspective of the machine
where the parser is located, and other system impacts."
Checksums-Sha1:
cb04eb1b47b7ab1102c5369464a73a6ccc4dd65f 2689 libpdfbox-java_1.7.0+dfsg-4+deb7u1.dsc
b9cec2b2f3d2ac84ac9f8b0097de4df3ab40914b 5522984 libpdfbox-java_1.7.0+dfsg.orig.tar.gz
0a8c54d8d5327cbdae13f3bd4cca2f3de378c932 10064 libpdfbox-java_1.7.0+dfsg-4+deb7u1.debian.tar.gz
e35256649e06265276cda6dc9c3befa392004cd2 8832958 libpdfbox-java_1.7.0+dfsg-4+deb7u1_all.deb
fc26fe678cd0856d4e804e66ab2172b7f761e2b8 1367764 libpdfbox-java-doc_1.7.0+dfsg-4+deb7u1_all.deb
c25392edda3ea736af0a26e02f1c051fb44451c4 55786 libjempbox-java_1.7.0+dfsg-4+deb7u1_all.deb
78c969d8ffb289d9c97ae4e83afc05caa74dd2ee 97402 libjempbox-java-doc_1.7.0+dfsg-4+deb7u1_all.deb
18635edfb1fb96f379c94425ae07f3275e4cafbc 178346 libfontbox-java_1.7.0+dfsg-4+deb7u1_all.deb
215ef112e1f00d690154c857d6bcca7c2ee4324d 171824 libfontbox-java-doc_1.7.0+dfsg-4+deb7u1_all.deb
Checksums-Sha256:
2483d992fa800d60a613a0c4c387bb9d2184833741fdc9e936513f181e58e8e8 2689 libpdfbox-java_1.7.0+dfsg-4+deb7u1.dsc
0b396e625ca312536db4f82a4863c1c08fc972aa278f9622a7a9981fb0622e31 5522984 libpdfbox-java_1.7.0+dfsg.orig.tar.gz
b5dc1e790eea9a475e93d3c9f00cba5fc2c793296a6dc7e4acbf6ca21d07929a 10064 libpdfbox-java_1.7.0+dfsg-4+deb7u1.debian.tar.gz
4bf6f89539c6adc0c5c70828eb07f4c1d9f0a26c4e41267bbb2eb84bccf86b66 8832958 libpdfbox-java_1.7.0+dfsg-4+deb7u1_all.deb
adbdf0a498cb891bda7fe2c8957fe0f677b47266a03ceb801064ea9394235c8e 1367764 libpdfbox-java-doc_1.7.0+dfsg-4+deb7u1_all.deb
ed756eb268eb8aa6708cff66dadf120aee6f4eab8d026ef91a86af02f05a3415 55786 libjempbox-java_1.7.0+dfsg-4+deb7u1_all.deb
ca8ecaa6c1caa95def4954cc3b67644c46eedf6ce66577daba962d4cadd6eb05 97402 libjempbox-java-doc_1.7.0+dfsg-4+deb7u1_all.deb
8784aa94c4edab971f18ea563a4a7e115ff6767d673e8ceae4b3f0f4f76133a3 178346 libfontbox-java_1.7.0+dfsg-4+deb7u1_all.deb
bd48bc842d7abc60b1f6c891bf1efb3c12b29b4bfe8d6bd763fe4b4156af7625 171824 libfontbox-java-doc_1.7.0+dfsg-4+deb7u1_all.deb
Files:
6f64eef24b89b21553488c789f4c32d2 2689 java extra libpdfbox-java_1.7.0+dfsg-4+deb7u1.dsc
d0ab1b38f03d009748268c600af69695 5522984 java extra libpdfbox-java_1.7.0+dfsg.orig.tar.gz
9156f5e387f038e40c0c032ed452debe 10064 java extra libpdfbox-java_1.7.0+dfsg-4+deb7u1.debian.tar.gz
33099519cedf001719112e182dbdd21a 8832958 java extra libpdfbox-java_1.7.0+dfsg-4+deb7u1_all.deb
bb1ffe1ef03bb3a714afcce9dbe91105 1367764 doc extra libpdfbox-java-doc_1.7.0+dfsg-4+deb7u1_all.deb
fcdc6d86badef03406d20749641a6f09 55786 java extra libjempbox-java_1.7.0+dfsg-4+deb7u1_all.deb
4b60e5ee5d10f617e667d9f6073f321a 97402 doc extra libjempbox-java-doc_1.7.0+dfsg-4+deb7u1_all.deb
42ce7f6f1817fc03df3f060aed910000 178346 java extra libfontbox-java_1.7.0+dfsg-4+deb7u1_all.deb
495739bf4d26e1c7b31904e9aa57c0b5 171824 doc extra libfontbox-java-doc_1.7.0+dfsg-4+deb7u1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJXVWDwXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1Hkd24P/RjPUqtv04RgD528GG/YycN1
t8btyr6+Ml4bAdVbWGwbq568WTeGUCWA0saNz8DDUcfKqxpNFk/+F7S2eINbegBE
COhNvcOyWHPMVLuqSUYkXZLbz26SLaWT1nZ6BHxf+xQW4rA8TG9TTmh6fzw/mP0E
y5fmTC87XslGlgo3Ij0oxvB4WM/oeP8SQNhA5ZDApJ/KasxNbJyyAmPLYp5aLyA8
FkkGGZZcj2PHVn3tUacyZ1JpebMqKZJI+J0B28bMcAG47HnuUDQmb4IHQ+xwGhY8
KbZS5gqCtC3lUu93boogKuAmWvIxPssIGB9HtLTHS1ien8ubu4o57KuJoK+x81dV
Y9nlvFn/ZXyhlG5nsgDV0+i7rFm26O9/Yk5WUKjWlzAZwvSVscy/xQyz8cRZAJLp
ZQrPEl1oD79tfxa+A3I8S4EZl431HQHTKmet73LEiCSfE8B1GimPf6mJALXGxSft
+P/34zdd+bDY8yg60CHRg7Wi9nXB9CgDrx1acLGaqHly8Z+GoGT3d8L7oFkYmoXb
2qTP7YXDYfgqmZUTyPYut66W2Kjl+NJJrQjQiKKXD5oS/TnWZgpjT7Wug5sT8UfR
4e+PVlVNqZ40qhkCRkbQpCdslwqbLoVxFnsKkYTqVOc5NRCvKXWt6h2LO/8fII0a
8/Pl/jF4LUYAsi7TNr4M
=A3+f
-----END PGP SIGNATURE-----