2 ignored security issues in stretch

package:
libpdfbox-java
severity:
low
created:
2018-06-30
last updated:
2019-04-20

There are 2 open security issues in stretch.
2 issues skipped by the security teams:
  • CVE-2018-11797: In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree.
  • CVE-2018-8036: In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to an out of memory exception in Apache PDFBox's AFMParser.
Please fix them.