-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 27 Mar 2020 21:08:21 +0100 Source: tika Binary: libtika-java Architecture: source all Version: 1.5-1+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Anton Gladky <gladk@debian.org> Description: libtika-java - Apache Tika - content analysis toolkit Closes: 954302 954303 Changes: tika (1.5-1+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2020-1950 carefully crafted or corrupt PSD file can cause excessive memory usage in Apache. (Closes: #954303) * CVE-2020-1951 Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser. (Closes: #954302) Checksums-Sha1: 024f2c5584df8e52e7ae9560b0a6ec047685896f 2301 tika_1.5-1+deb8u1.dsc 5d3901f2519968a04d3ed117f6cd3cde43ad2c4c 655724 tika_1.5.orig.tar.xz e4263aa35f730b9de2e9c81f5f36a7f8a3e05175 11872 tika_1.5-1+deb8u1.debian.tar.xz 11719b03dca0f8f7f29aabb9794a590ec4e6542e 944970 libtika-java_1.5-1+deb8u1_all.deb Checksums-Sha256: 4127fdb47c13a4750c972f5daae7013e9362970cc076cce4989d8f1e3ab50ef6 2301 tika_1.5-1+deb8u1.dsc 83e6ac41e8494936f83a4b4a2798592802165e78e3599d27fedb1f3f3137eeeb 655724 tika_1.5.orig.tar.xz 0e699205630ae6d39abfb0169f9fccfc98dfc96403cc3f637bccfbf79aee4ee8 11872 tika_1.5-1+deb8u1.debian.tar.xz d5dedca4336eea58edba68b64e9be92ff2d590a2892adfc72eb01b09f2b9e2c5 944970 libtika-java_1.5-1+deb8u1_all.deb Files: e5b2797666ffdb695cb06b2e90bb6d3d 2301 java optional tika_1.5-1+deb8u1.dsc 1950ffcfca3d75a044357655dfd7ba4e 655724 java optional tika_1.5.orig.tar.xz 40df88b495b7049707295d14c705ceba 11872 java optional tika_1.5-1+deb8u1.debian.tar.xz a869fa33b290028af87db5909b8753bd 944970 java optional libtika-java_1.5-1+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- iQJFBAEBCgAvFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAl5/B94RHGdsYWRrQGRl Ymlhbi5vcmcACgkQ0+Fzg8+n/wYD6BAAke5uvmUf6p4XFM7d9cZIVXUUmGXvhiEc M1RmdOxCxbkrG8MYS3MkXLY7lhRMLDmKVhQcml9Rt6E4AmXUn2evYSh3d+xfWTLi OAJp4I6cG/7C57lcILE04mz98VtvWm1YDIiidcC/Ub3z/I1otYl0WiZ0tgHQr3e1 gjIe6BdH9eWR4wcNsoLn6jttZfhaZ+5wBOn6V0yUja2iWAcYOprTY0dWvet3sSFx m6Bu/4My9ZLGdK38ApLwFRiP/m8rqtdwHGd0Kn0eJfhpAzQSW53OC+7ZUQBMtayP F77V3BILIdvqvf8cnQWLzPHkIsOgQFuuomg7LS4k8uHi8IRU1L58zR7rzs2QHwvG F9X/49jQ9U2aaLWRxNnIawYlXt/ru/VL1e6s4DJz9TvtEIDSxujQtF481snInHUN GIph9NU7+Z6I04lTo+Gu3sK1o+5hMMqqivHzfOkaEzk3EEfMJA+j2ig/Oi2bubLE KLdIsdwAZyIIO9tDqwqJVOHAsLT1NSgnzyi7xHtsbYhZ/zRtFHJUke4OpYzO6c6j gKjPkPO4J3vsrkQXPr/ia25p50hfKYJOHb/AvRpKxDjV6hOI447nhR69ckvqmezX YRTDnxauzqXvrowrTFXoK5Opw2OGUiL9RRe0GLAiD1MZoZ8dr1Lv1243DHI/5vwl gLAxqQeoudk= =H0bE -----END PGP SIGNATURE-----