Candidate: CVE-2017-5644
PublicDate: 2017-03-24 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5644
 http://www.openwall.com/lists/oss-security/2017/03/20/9
Description:
 Apache POI in versions prior to release 3.15 allows remote attackers to
 cause a denial of service (CPU consumption) via a specially crafted OOXML
 file, aka an XML Entity Expansion (XEE) attack.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858301
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [5.5 MEDIUM]

Patches_libapache-poi-java:
upstream_libapache-poi-java: released (3.17-1)
precise_libapache-poi-java: ignored (reached end-of-life)
precise/esm_libapache-poi-java: DNE (precise was needs-triage)
trusty_libapache-poi-java: ignored (reached end-of-life)
trusty/esm_libapache-poi-java: DNE (trusty was needs-triage)
vivid/stable-phone-overlay_libapache-poi-java: DNE
vivid/ubuntu-core_libapache-poi-java: DNE
xenial_libapache-poi-java: ignored (end of standard support, was needed)
yakkety_libapache-poi-java: ignored (reached end-of-life)
zesty_libapache-poi-java: ignored (reached end-of-life)
artful_libapache-poi-java: ignored (reached end-of-life)
bionic_libapache-poi-java: not-affected (4.0.1-1~18.03)
cosmic_libapache-poi-java: not-affected (4.0.1-1~18.03)
disco_libapache-poi-java: not-affected (4.0.1-1~18.03)
eoan_libapache-poi-java: not-affected (4.0.1-1~18.03)
focal_libapache-poi-java: not-affected (4.0.1-1~18.03)
groovy_libapache-poi-java: not-affected (4.0.1-1~18.03)
hirsute_libapache-poi-java: not-affected (4.0.1-1~18.03)
impish_libapache-poi-java: not-affected (4.0.1-1~18.03)
jammy_libapache-poi-java: not-affected (4.0.1-1~18.03)
devel_libapache-poi-java: not-affected (4.0.1-1~18.03)