Is POI 3.15-beta1 is safe from CVE-2017-5644 ?

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Is POI 3.15-beta1 is safe from CVE-2017-5644 ?

Yasufumi Mizoguchi
Hi,

Does anyone can tell me if POI 3.15-beta1 is safe from
CVE-2017-5644 (http://www.securityfocus.com/bid/96983) ?


I am using POI 3.15-beta1 bundled with Solr 6.2.2 in production,
and heard about the vulnerability.

Writing a comment about this on a related Apache JIRA issue,
(https://issues.apache.org/jira/browse/SOLR-9552)
I got an advice about the vulnerability. (Thanks Tim :-) )

After above, I googled about the cause of the vulnerability but
in vain.
So, I am in fix now.

Regards,

Yasufumi

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Is POI 3.15-beta1 is safe from CVE-2017-5644 ?

Dominik Stadler
Hi,

We identified https://svn.apache.org/repos/asf/poi/trunk@1734182 as fixing
this vulnerability, it was applied on Mar 9th 2016, which means it was
already included in beta1 and thus you should be save.

Dominik

On Mar 31, 2017 09:27, "Yasufumi Mizoguchi" <[hidden email]> wrote:

> Hi,
>
> Does anyone can tell me if POI 3.15-beta1 is safe from
> CVE-2017-5644 (http://www.securityfocus.com/bid/96983) ?
>
>
> I am using POI 3.15-beta1 bundled with Solr 6.2.2 in production,
> and heard about the vulnerability.
>
> Writing a comment about this on a related Apache JIRA issue,
> (https://issues.apache.org/jira/browse/SOLR-9552)
> I got an advice about the vulnerability. (Thanks Tim :-) )
>
> After above, I googled about the cause of the vulnerability but
> in vain.
> So, I am in fix now.
>
> Regards,
>
> Yasufumi
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [hidden email]
> For additional commands, e-mail: [hidden email]
>
>
Reply | Threaded
Open this post in threaded view
|

Re: Is POI 3.15-beta1 is safe from CVE-2017-5644 ?

Yasufumi Mizoguchi
Hi, Dominik.

Thank you for replying me.
I am so relieved.

Thanks,

Yasufumi


On 2017/04/01 1:52, Dominik Stadler wrote:

> Hi,
>
> We identified https://svn.apache.org/repos/asf/poi/trunk@1734182 as fixing
> this vulnerability, it was applied on Mar 9th 2016, which means it was
> already included in beta1 and thus you should be save.
>
> Dominik
>
> On Mar 31, 2017 09:27, "Yasufumi Mizoguchi" <[hidden email]> wrote:
>
>> Hi,
>>
>> Does anyone can tell me if POI 3.15-beta1 is safe from
>> CVE-2017-5644 (http://www.securityfocus.com/bid/96983) ?
>>
>>
>> I am using POI 3.15-beta1 bundled with Solr 6.2.2 in production,
>> and heard about the vulnerability.
>>
>> Writing a comment about this on a related Apache JIRA issue,
>> (https://issues.apache.org/jira/browse/SOLR-9552)
>> I got an advice about the vulnerability. (Thanks Tim :-) )
>>
>> After above, I googled about the cause of the vulnerability but
>> in vain.
>> So, I am in fix now.
>>
>> Regards,
>>
>> Yasufumi
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: [hidden email]
>> For additional commands, e-mail: [hidden email]
>>
>>


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]