Register | Log in

tika

Apache Tika - content analysis toolkit

Choose email to subscribe with

general

source: tika (main)
version: 1.22-1
maintainer: Debian Java Maintainers (archive) (DMD)
uploaders: Emmanuel Bourg [DMD]
arch: all
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.5-1
stable: 1.20-1
testing: 1.22-1
unstable: 1.22-1

versioned links

1.5-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.20-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.22-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libtika-java

action needed

3 security issues in buster high

There are 3 open security issues in buster.

1 important issue:

CVE-2019-10094: A carefully crafted package/compressed file that, when unzipped/uncompressed yields the same file (a quine), causes a StackOverflowError in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Apache Tika users should upgrade to 1.22 or later.

2 issues skipped by the security teams:

CVE-2019-10093: In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.
CVE-2019-10088: A carefully crafted or corrupt zip file can cause an OOM in Apache Tika's RecursiveParserWrapper in versions 1.7-1.21. Users should upgrade to 1.22 or later.

Please fix them.

Created: 2019-08-02 Last update: 2019-09-20 19:00

6 security issues in jessie high

There are 6 open security issues in jessie.

1 important issue:

CVE-2019-10093: In Apache Tika 1.19 to 1.21, a carefully crafted 2003ml or 2006ml file could consume all available SAXParsers in the pool and lead to very long hangs. Apache Tika users should upgrade to 1.22 or later.

5 issues skipped by the security teams:

CVE-2018-1339: A carefully crafted (or fuzzed) file can trigger an infinite loop in Apache Tika's ChmParser in versions of Apache Tika before 1.18.
CVE-2018-8017: In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser.
CVE-2016-4434: Apache Tika before 1.13 does not properly initialize the XML parser or choose handlers, which might allow remote attackers to conduct XML External Entity (XXE) attacks via vectors involving (1) spreadsheets in OOXML files and (2) XMP metadata in PDF and other file formats, a related issue to CVE-2016-2175.
CVE-2018-11762: In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as "C:/evil.bat", tika-app would overwrite that file.
CVE-2018-11761: In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack.

Please fix them.

Created: 2016-05-26 Last update: 2019-09-20 19:00

lintian reports 1 error high

Lintian reports 1 error about this package. You should make the package lintian clean getting rid of them.

Created: 2019-08-28 Last update: 2019-08-28 02:41

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.4.0).

Created: 2019-09-29 Last update: 2019-09-29 23:41

news

[2019-08-10] tika 1.22-1 MIGRATED to testing (Debian testing watch)
[2019-08-05] Accepted tika 1.22-1 (source) into unstable (Emmanuel Bourg)
[2019-07-17] tika 1.21-1 MIGRATED to testing (Debian testing watch)
[2019-07-11] Accepted tika 1.21-1 (source) into unstable (Emmanuel Bourg)
[2019-01-27] tika 1.20-1 MIGRATED to testing (Debian testing watch)
[2019-01-22] Accepted tika 1.20-1 (source) into unstable (Emmanuel Bourg)
[2019-01-19] Accepted tika 1.18-1 (source) into unstable (Emmanuel Bourg)
[2019-01-07] Accepted tika 1.8-1 (source) into unstable (Emmanuel Bourg)
[2017-01-14] tika REMOVED from testing (Debian testing watch)
[2016-12-29] tika 1.5-5 MIGRATED to testing (Debian testing watch)
[2016-10-04] Accepted tika 1.5-5 (source all) into unstable (Emmanuel Bourg)
[2016-07-12] tika REMOVED from testing (Debian testing watch)
[2015-12-12] tika 1.5-4 MIGRATED to testing (Debian testing watch)
[2015-12-06] Accepted tika 1.5-4 (source all) into unstable (Markus Koschany)
[2015-11-27] tika 1.5-3 MIGRATED to testing (Britney)
[2015-11-21] Accepted tika 1.5-3 (source all) into unstable (Markus Koschany)
[2015-05-31] Accepted tika 1.5-2 (source all) into unstable (Emmanuel Bourg)
[2014-09-22] tika 1.5-1 MIGRATED to testing (Britney)
[2014-09-17] Accepted tika 1.5-1 (source all) into unstable, unstable (Emmanuel Bourg) (signed by: tony mancill)

bugs [bug history graph]

all: 0

links

homepage
lintian (1, 0)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing