Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id C7718200CF7 for ; Tue, 19 Sep 2017 13:57:04 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id C2C1A1609DD; Tue, 19 Sep 2017 11:57:04 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id DDAFA1609DB for ; Tue, 19 Sep 2017 13:57:03 +0200 (CEST) Received: (qmail 94156 invoked by uid 500); 19 Sep 2017 11:57:02 -0000 Mailing-List: contact user-help@poi.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "POI Users List" Delivered-To: mailing list user@poi.apache.org Received: (qmail 94144 invoked by uid 99); 19 Sep 2017 11:57:02 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 19 Sep 2017 11:57:02 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id DDE46183AB7 for ; Tue, 19 Sep 2017 11:57:01 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -2.301 X-Spam-Level: X-Spam-Status: No, score=-2.301 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001] autolearn=disabled Authentication-Results: spamd3-us-west.apache.org (amavisd-new); dkim=pass (1024-bit key) header.d=mitre.onmicrosoft.com Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id NksLZz_Doa0Y for ; Tue, 19 Sep 2017 11:57:00 +0000 (UTC) Received: from smtpvmsrv1.mitre.org (smtpvmsrv1.mitre.org [192.52.194.136]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 2D56960D90 for ; Tue, 19 Sep 2017 11:57:00 +0000 (UTC) Received: from smtpvmsrv1.mitre.org (localhost.localdomain [127.0.0.1]) by localhost (Postfix) with SMTP id 7217C6C01A5 for ; Tue, 19 Sep 2017 07:56:59 -0400 (EDT) Received: from imshyb02.MITRE.ORG (imshyb02.mitre.org [129.83.29.3]) by smtpvmsrv1.mitre.org (Postfix) with ESMTP id 6565A6C009A for ; Tue, 19 Sep 2017 07:56:59 -0400 (EDT) Received: from imshyb02.MITRE.ORG (129.83.29.3) by imshyb02.MITRE.ORG (129.83.29.3) with Microsoft SMTP Server (TLS) id 15.0.1263.5; Tue, 19 Sep 2017 07:56:59 -0400 Received: from gcc01-CY1-obe.outbound.protection.outlook.com (10.140.19.249) by imshyb02.MITRE.ORG (129.83.29.3) with Microsoft SMTP Server (TLS) id 15.0.1263.5 via Frontend Transport; Tue, 19 Sep 2017 07:56:59 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mitre.onmicrosoft.com; s=selector1-mitre-org; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=qshj6q8pOIkBBeIujF1xBwz8P33oCDPHag1k3LXPz8Q=; b=nu4Dtt1oSZ9QX7yhLad2RQY1nzr19t4O0hJmwqkQBTaOHPVoekwL9brHv3kQBSqHcoKX0zZ1S4/Aql1x38UpqcCw+hKsKfYyLmAYbvYQjjHh3P2mcCc4H7vT8QJ/JzE5cxxymatsDyrP7Sp7irrBsxn0dAGPM7ql08Yt08jBc0o= Received: from MWHPR09MB1391.namprd09.prod.outlook.com (10.172.51.17) by MWHPR09MB1390.namprd09.prod.outlook.com (10.172.51.16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.56.11; Tue, 19 Sep 2017 11:56:52 +0000 Received: from MWHPR09MB1391.namprd09.prod.outlook.com ([10.172.51.17]) by MWHPR09MB1391.namprd09.prod.outlook.com ([10.172.51.17]) with mapi id 15.20.0056.016; Tue, 19 Sep 2017 11:56:52 +0000 From: "Allison, Timothy B." To: POI Users List Subject: RE: [ANNOUNCE] Apache POI 3.17 released Thread-Topic: [ANNOUNCE] Apache POI 3.17 released Thread-Index: AQHTLzhAb8BQmmF4hUKKG/9Da2weR6K62zKAgAFCRMA= Date: Tue, 19 Sep 2017 11:56:52 +0000 Message-ID: References: <7c7bc413-5f87-0cea-16e1-043b2fd3b80a@apache.org> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=tallison@mitre.org; x-originating-ip: [192.160.51.89] x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1;MWHPR09MB1390;6:ovYW/crcUlfhzaftgDmq0q12qyRyDoy1MW3d+cZiLAQDo1xY8+s8pmpy+eZXWS0q0S/fvWdCaMQWD1AhvQnESrJBpMZrgrlilgSQUi7gxgv7mzfeJU8/Nb8zvqJg6e94Q+SS1eTDfkUQO25VGkmcFllVcl7Im8KUhvRCRjtsZRGOfjqoJ67NopTV9ioUDYl4JSFJmGiAXlCO5/QB4xdlbZQ44H9dggFBC7RDzd0qOOIloQXgvr3vztAddETcxu707EhoBm4nAARati4SRlWswRqIQcoCdvQgDw2snK4alXatY2w/ElB34ZoaqTFuEzacIGA9nEp8jHc3J1f0yJIxUg==;5:p1kC0RDQXSikFsq9kgqR6B1AmTwD+atQQDPf4oepE64y8EjFYH3wnTK/axswrudK0PcZl/rtN6dSqKARw/sM8LL7948mec7yCpm1b1Kgoj+iDzYegCtzrPpLCXoFJ7lnNygFE4w6ySjdo0v7mn4ouA==;24:JXhtfAv+OwPLVFlJVz8nDV2rNHfvJ+mDaT5jRQSZh3ZVaoW/wf3lYzQb/wekjfBPkITxwJVnENPsCL6hW1SWOvJ5weG0BsEDlucO0G6ft4Y=;7:wtP4ZrAzKIKlUZc+F03CVvYpeq7LZ7y9WxGMs76GokKli8ma4MxK1OZH5wTcB6yxVPwRnIvsjAOHO8NWSsV9+Pt3S3WmP9+1K+rSy4jhpXQe3931W0+bLbFdv7fTWfV5aukZwHEcREFffcDRXi+M5HjZX/kq7gmKJfPXTzwgoouCpQIJ/JyZVuSBuiqehSX4IyrFdo7lyuWOwmA6IXft0fH15lNJgkt5und61xwbY8A= x-ms-exchange-antispam-srfa-diagnostics: SSOS; x-ms-office365-filtering-correlation-id: 83174146-4cee-4227-01bb-08d4ff558484 x-ms-office365-filtering-ht: Tenant x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(300000500095)(300135000095)(300000501095)(300135300095)(22001)(300000502095)(300135100095)(2017030254152)(48565401081)(300000503095)(300135400095)(2017052603199)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);SRVR:MWHPR09MB1390; x-ms-traffictypediagnostic: MWHPR09MB1390: x-exchange-antispam-report-test: UriScan:; x-microsoft-antispam-prvs: x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(93006095)(93001095)(3002001)(10201501046)(100000703101)(100105400095)(6055026)(6041248)(20161123560025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123555025)(20161123564025)(20161123562025)(20161123558100)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);SRVR:MWHPR09MB1390;BCL:0;PCL:0;RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);SRVR:MWHPR09MB1390; x-forefront-prvs: 04359FAD81 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(6009001)(346002)(376002)(13464003)(199003)(377424004)(189002)(252514010)(24454002)(377454003)(2950100002)(105586002)(6916009)(478600001)(68736007)(7696004)(55016002)(9686003)(99286003)(25786009)(106356001)(53936002)(102836003)(6246003)(6116002)(66066001)(3846002)(86362001)(53546010)(229853002)(3280700002)(8936002)(54356999)(76176999)(7736002)(14454004)(305945005)(316002)(81166006)(2906002)(345774005)(2900100001)(189998001)(50986999)(3660700001)(81156014)(8676002)(5660300001)(74316002)(77096006)(97736004)(6506006)(33656002)(101416001)(6436002);DIR:OUT;SFP:1101;SCL:1;SRVR:MWHPR09MB1390;H:MWHPR09MB1391.namprd09.prod.outlook.com;FPR:;SPF:None;PTR:InfoNoRecords;A:1;MX:1;LANG:en; received-spf: None (protection.outlook.com: mitre.org does not designate permitted sender hosts) spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2017 11:56:52.4129 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: c620dc48-1d50-4952-8b39-df4d54d74d82 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR09MB1390 X-OriginatorOrg: mitre.org X-MITRE: 8GQsMWxq66rxk57w archived-at: Tue, 19 Sep 2017 11:57:05 -0000 David, Thank you for raising this issue. If fellow devs are +1, I can fill out = the paper work. Single CVE or multiple? Best, Tim -----Original Message----- From: davidedillard@gmail.com [mailto:davidedillard@gmail.com]=20 Sent: Monday, September 18, 2017 12:40 PM To: user@poi.apache.org Subject: Re: [ANNOUNCE] Apache POI 3.17 released On 2017-09-16 18:06, Andreas Beeker wrote:=20 > The Apache POI project is pleased to announce the release of POI 3.17. > Featured are a handful of new areas of functionality, and numerous bug fi= xes. > Changes > ------------ > The most notable changes in this release are: >=20 > - Various modules: add sanity checks and fix infinite loops / OOMs=20 > caused by fuzzed data I've looked through the specific changes and several appear to be vulnerabi= lities (e.g. 61294 and 61300 among others). Is the POI project planning to= get CVEs for these issues? If not, I'm happy to get them myself. It make= s the world a better place :-) Thanks, David --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@poi.apache.org For additional comm= ands, e-mail: user-help@poi.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscribe@poi.apache.org For additional commands, e-mail: user-help@poi.apache.org