1
Candidate: CVE-2016-5000
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5000
5
https://marc.info/?l=oss-security&m=146921513313216&w=2
7
The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to
8
read arbitrary files via a crafted OpenXML document containing an external
9
entity declaration in conjunction with an entity reference, related to an
10
XML External Entity (XXE) issue.
13
sarnold> Debian says the vulnerable example isn't packaged
16
Discovered-by: Mauro Gentile
19
Patches_libapache-poi-java:
20
upstream_libapache-poi-java: released (3.14)
21
precise_libapache-poi-java: ignored (reached end-of-life)
22
precise/esm_libapache-poi-java: DNE (precise was needs-triage)
23
trusty_libapache-poi-java: needs-triage
24
vivid/stable-phone-overlay_libapache-poi-java: DNE
25
vivid/ubuntu-core_libapache-poi-java: DNE
26
wily_libapache-poi-java: ignored (reached end-of-life)
27
xenial_libapache-poi-java: needs-triage
28
yakkety_libapache-poi-java: ignored (reached end-of-life)
29
zesty_libapache-poi-java: ignored (reached end-of-life)
30
artful_libapache-poi-java: needs-triage
31
bionic_libapache-poi-java: needs-triage
32
devel_libapache-poi-java: needs-triage