You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@poi.apache.org by Yasufumi Mizoguchi <ya...@gmail.com> on 2017/03/31 07:27:25 UTC
Is POI 3.15-beta1 is safe from CVE-2017-5644 ?
Hi,
Does anyone can tell me if POI 3.15-beta1 is safe from
CVE-2017-5644 (http://www.securityfocus.com/bid/96983) ?
I am using POI 3.15-beta1 bundled with Solr 6.2.2 in production,
and heard about the vulnerability.
Writing a comment about this on a related Apache JIRA issue,
(https://issues.apache.org/jira/browse/SOLR-9552)
I got an advice about the vulnerability. (Thanks Tim :-) )
After above, I googled about the cause of the vulnerability but
in vain.
So, I am in fix now.
Regards,
Yasufumi
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@poi.apache.org
For additional commands, e-mail: user-help@poi.apache.org
Re: Is POI 3.15-beta1 is safe from CVE-2017-5644 ?
Posted by Yasufumi Mizoguchi <ya...@gmail.com>.
Hi, Dominik.
Thank you for replying me.
I am so relieved.
Thanks,
Yasufumi
On 2017/04/01 1:52, Dominik Stadler wrote:
> Hi,
>
> We identified https://svn.apache.org/repos/asf/poi/trunk@1734182 as fixing
> this vulnerability, it was applied on Mar 9th 2016, which means it was
> already included in beta1 and thus you should be save.
>
> Dominik
>
> On Mar 31, 2017 09:27, "Yasufumi Mizoguchi" <ya...@gmail.com> wrote:
>
>> Hi,
>>
>> Does anyone can tell me if POI 3.15-beta1 is safe from
>> CVE-2017-5644 (http://www.securityfocus.com/bid/96983) ?
>>
>>
>> I am using POI 3.15-beta1 bundled with Solr 6.2.2 in production,
>> and heard about the vulnerability.
>>
>> Writing a comment about this on a related Apache JIRA issue,
>> (https://issues.apache.org/jira/browse/SOLR-9552)
>> I got an advice about the vulnerability. (Thanks Tim :-) )
>>
>> After above, I googled about the cause of the vulnerability but
>> in vain.
>> So, I am in fix now.
>>
>> Regards,
>>
>> Yasufumi
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: user-unsubscribe@poi.apache.org
>> For additional commands, e-mail: user-help@poi.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@poi.apache.org
For additional commands, e-mail: user-help@poi.apache.org
Re: Is POI 3.15-beta1 is safe from CVE-2017-5644 ?
Posted by Dominik Stadler <do...@gmx.at>.
Hi,
We identified https://svn.apache.org/repos/asf/poi/trunk@1734182 as fixing
this vulnerability, it was applied on Mar 9th 2016, which means it was
already included in beta1 and thus you should be save.
Dominik
On Mar 31, 2017 09:27, "Yasufumi Mizoguchi" <ya...@gmail.com> wrote:
> Hi,
>
> Does anyone can tell me if POI 3.15-beta1 is safe from
> CVE-2017-5644 (http://www.securityfocus.com/bid/96983) ?
>
>
> I am using POI 3.15-beta1 bundled with Solr 6.2.2 in production,
> and heard about the vulnerability.
>
> Writing a comment about this on a related Apache JIRA issue,
> (https://issues.apache.org/jira/browse/SOLR-9552)
> I got an advice about the vulnerability. (Thanks Tim :-) )
>
> After above, I googled about the cause of the vulnerability but
> in vain.
> So, I am in fix now.
>
> Regards,
>
> Yasufumi
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@poi.apache.org
> For additional commands, e-mail: user-help@poi.apache.org
>
>