Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted tika 1.5-1+deb8u1 (source all) into oldoldstable
Date: Sat, 28 Mar 2020 08:30:17 +0000
Signed by: Anton Gladky <gladk@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 27 Mar 2020 21:08:21 +0100
Source: tika
Binary: libtika-java
Architecture: source all
Version: 1.5-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Anton Gladky <gladk@debian.org>
Description:
 libtika-java - Apache Tika - content analysis toolkit
Closes: 954302 954303
Changes:
 tika (1.5-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2020-1950
        carefully crafted or corrupt PSD file can cause excessive memory
        usage in Apache. (Closes: #954303)
   * CVE-2020-1951
        Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser.
        (Closes: #954302)
Checksums-Sha1:
 024f2c5584df8e52e7ae9560b0a6ec047685896f 2301 tika_1.5-1+deb8u1.dsc
 5d3901f2519968a04d3ed117f6cd3cde43ad2c4c 655724 tika_1.5.orig.tar.xz
 e4263aa35f730b9de2e9c81f5f36a7f8a3e05175 11872 tika_1.5-1+deb8u1.debian.tar.xz
 11719b03dca0f8f7f29aabb9794a590ec4e6542e 944970 libtika-java_1.5-1+deb8u1_all.deb
Checksums-Sha256:
 4127fdb47c13a4750c972f5daae7013e9362970cc076cce4989d8f1e3ab50ef6 2301 tika_1.5-1+deb8u1.dsc
 83e6ac41e8494936f83a4b4a2798592802165e78e3599d27fedb1f3f3137eeeb 655724 tika_1.5.orig.tar.xz
 0e699205630ae6d39abfb0169f9fccfc98dfc96403cc3f637bccfbf79aee4ee8 11872 tika_1.5-1+deb8u1.debian.tar.xz
 d5dedca4336eea58edba68b64e9be92ff2d590a2892adfc72eb01b09f2b9e2c5 944970 libtika-java_1.5-1+deb8u1_all.deb
Files:
 e5b2797666ffdb695cb06b2e90bb6d3d 2301 java optional tika_1.5-1+deb8u1.dsc
 1950ffcfca3d75a044357655dfd7ba4e 655724 java optional tika_1.5.orig.tar.xz
 40df88b495b7049707295d14c705ceba 11872 java optional tika_1.5-1+deb8u1.debian.tar.xz
 a869fa33b290028af87db5909b8753bd 944970 java optional libtika-java_1.5-1+deb8u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl5/B94RHGdsYWRrQGRl
Ymlhbi5vcmcACgkQ0+Fzg8+n/wYD6BAAke5uvmUf6p4XFM7d9cZIVXUUmGXvhiEc
M1RmdOxCxbkrG8MYS3MkXLY7lhRMLDmKVhQcml9Rt6E4AmXUn2evYSh3d+xfWTLi
OAJp4I6cG/7C57lcILE04mz98VtvWm1YDIiidcC/Ub3z/I1otYl0WiZ0tgHQr3e1
gjIe6BdH9eWR4wcNsoLn6jttZfhaZ+5wBOn6V0yUja2iWAcYOprTY0dWvet3sSFx
m6Bu/4My9ZLGdK38ApLwFRiP/m8rqtdwHGd0Kn0eJfhpAzQSW53OC+7ZUQBMtayP
F77V3BILIdvqvf8cnQWLzPHkIsOgQFuuomg7LS4k8uHi8IRU1L58zR7rzs2QHwvG
F9X/49jQ9U2aaLWRxNnIawYlXt/ru/VL1e6s4DJz9TvtEIDSxujQtF481snInHUN
GIph9NU7+Z6I04lTo+Gu3sK1o+5hMMqqivHzfOkaEzk3EEfMJA+j2ig/Oi2bubLE
KLdIsdwAZyIIO9tDqwqJVOHAsLT1NSgnzyi7xHtsbYhZ/zRtFHJUke4OpYzO6c6j
gKjPkPO4J3vsrkQXPr/ia25p50hfKYJOHb/AvRpKxDjV6hOI447nhR69ckvqmezX
YRTDnxauzqXvrowrTFXoK5Opw2OGUiL9RRe0GLAiD1MZoZ8dr1Lv1243DHI/5vwl
gLAxqQeoudk=
=H0bE
-----END PGP SIGNATURE-----

News for package tika