Hi, We identified https://svn.apache.org/repos/asf/poi/trunk@1734182 as fixing this vulnerability, it was applied on Mar 9th 2016, which means it was already included in beta1 and thus you should be save.
Dominik On Mar 31, 2017 09:27, "Yasufumi Mizoguchi" <yasufumi0...@gmail.com> wrote: > Hi, > > Does anyone can tell me if POI 3.15-beta1 is safe from > CVE-2017-5644 (http://www.securityfocus.com/bid/96983) ? > > > I am using POI 3.15-beta1 bundled with Solr 6.2.2 in production, > and heard about the vulnerability. > > Writing a comment about this on a related Apache JIRA issue, > (https://issues.apache.org/jira/browse/SOLR-9552) > I got an advice about the vulnerability. (Thanks Tim :-) ) > > After above, I googled about the cause of the vulnerability but > in vain. > So, I am in fix now. > > Regards, > > Yasufumi > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@poi.apache.org > For additional commands, e-mail: user-h...@poi.apache.org > >
