pdfbox-users mailing list archives

From Tilman Hausherr <THaush...@t-online.de>
Subject Re: PDFBox: Java Deserialization
Date Sat, 05 Mar 2016 16:53:48 GMT
On 05.03.2016 at 17:46, Gary Grosso wrote:
> Hi Tilman,
>
> My interest in this is only casual at this point (wanting only to be knowledgeable if someone asks), but I am unable to find that message.

It was in the dev list - and here are my answers:
https://mail-archives.apache.org/mod_mbox/pdfbox-dev/201601.mbox/%3C56A378EC.4000705%40t-online.de%3E
https://mail-archives.apache.org/mod_mbox/pdfbox-dev/201601.mbox/%3C56A37B30.40502%40t-online.de%3E

Tilman

>
> Thanks,
> Gary
>
>
>
> -----Original Message-----
> From: Tilman Hausherr [mailto:THausherr@t-online.de]
> Sent: Saturday, March 5, 2016 2:28 AM
> To: users@pdfbox.apache.org
> Subject: Re: PDFBox: Java Deserialization
>
> I already answered on January 22.
>
> Tilman
>
> On 05.03.2016 at 00:01, Kiernan, Dan wrote:
>> Good afternoon, our company utilizes the PDFBox software and has been notified by our internal IT staff that there is a potential risk for programs developed with Java code, where they deserialize untrusted data without verifying the results first. Would anyone on this mailing list be able to advise as to whether this particular software is at risk?
>>
>> Additional background about the vulnerability is available at the following web link: http://cwe.mitre.org/data/definitions/502.html
>>
>> Due to the nature of this particular risk our company is very concerned, and any insight and assistance in determining this would be appreciated. If there are any questions or concerns please do not hesitate to contact me.
>>
>> Thank you,
>> Dan Kiernan
>> The Principal Financial Group(r)
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@pdfbox.apache.org
> For additional commands, e-mail: users-help@pdfbox.apache.org
>

