poi-user mailing list archives

From: "Allison, Timothy B." <talli...@mitre.org>
Subject: RE: [ANNOUNCE] Apache POI 3.17 released
Date: Tue, 19 Sep 2017 11:56:52 GMT

David,
  Thank you for raising this issue.  If fellow devs are +1, I can fill out the paperwork.
 Single CVE or multiple?

      Best,

             Tim

-----Original Message-----
From: davidedillard@gmail.com [mailto:davidedillard@gmail.com] 
Sent: Monday, September 18, 2017 12:40 PM
To: user@poi.apache.org
Subject: Re: [ANNOUNCE] Apache POI 3.17 released

On 2017-09-16 18:06, Andreas Beeker <kiwiwings@apache.org> wrote: 
> The Apache POI project is pleased to announce the release of POI 3.17.
> Featured are a handful of new areas of functionality, and numerous bug fixes.
> Changes
> ------------
> The most notable changes in this release are:
> 
> - Various modules: add sanity checks and fix infinite loops / OOMs 
> caused by fuzzed data

I've looked through the specific changes and several appear to be vulnerabilities (e.g. 61294
and 61300 among others).  Is the POI project planning to get CVEs for these issues?  If not,
I'm happy to get them myself.  It makes the world a better place :-)


Thanks,

David

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@poi.apache.org For additional commands, e-mail: user-help@poi.apache.org


