reproducing tika vulnerabilities in jessie/buster

2019-08-13 Thread Hugo Lefeuvre
Hi Emmanuel, I'd like to determine the status of CVE-2019-10094, CVE-2019-10093 and CVE-2019-10088 in tika[0] for jessie and buster. I had a look at the source code: so far CVE-2019-10094 and CVE-2019-10088 don't seem to affect jessie. I have doubts concerning CVE-2019-10093. Being able to repro

Re: security fixes for CVE-2019-10088 and CVE-2019-1009{3,4}

2019-08-13 Thread Tim Allison
IIUC, ASF policy is not to update the commit message in git. See #16: https://www.apache.org/security/committers.html

On Tue, Aug 13, 2019 at 1:58 AM Hugo Lefeuvre wrote:
>
> Hi Tim,
>
> > Y. You got CVE-2019-10088:
> > https://github.com/apache/tika/commit/426be73b9e7500fa3d441231fa4e473de34743f

Re: On tomcat FTBFS.

2019-08-13 Thread Sylvain Beucler
Hi,

On Thu, Aug 08, 2019 at 02:15:52PM +0200, Markus Koschany wrote:
> On 08.08.19 at 00:50, Sylvain Beucler wrote:
> > So I reworked CVE-2017-5647, which involved 5 new commits related to
> > non-blocking I/O (NIO2 and COMET).
> > Stable build.
> >
> > Then I got upstream to renew their new cer