Format: 1.8
Date: Mon, 05 Aug 2019 11:41:25 +0200
Source: tika
Architecture: source
Version: 1.22-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Emmanuel Bourg <ebourg@apache.org>
Closes: 933744 933745 933746
Changes:
 tika (1.22-1) unstable; urgency=medium
 .
   * New upstream release
     - Fixes CVE-2019-10088: A carefully crafted or corrupt zip file can cause
       an out of memory error in RecursiveParserWrapper (Closes: #933744)
     - Fixes CVE-2019-10094: A carefully crafted package/compressed file that,
       when unzipped/uncompressed yields the same file (a quine), causes
       a stack overflow error in RecursiveParserWrapper (Closes: #933746)
     - Fixes CVE-2019-10093: A carefully crafted 2003ml or 2006ml file could
       consume all available SAXParsers in the pool and lead to very long hangs.
       (Closes: #933745)
     - Refreshed the patches
     - Ignore the new dependency on c3p0 (not used)