Your message dated Sun, 03 Jun 2018 11:32:35 +0000
with message-id <e1fprft-000bwh...@fasolo.debian.org>
and subject line Bug#899374: fixed in batik 1.7+dfsg-5+deb8u1
has caused the Debian Bug report #899374,
regarding batik: CVE-2018-8013
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
899374: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=899374
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: batik
Version: 1.5beta2-1
Severity: important
Tags: security upstream fixed-upstream

Hi,

The following vulnerability was published for batik.

CVE-2018-8013[0]:
Apache Batik information disclosure vulnerability

Unfortunately the report does not share details, but it was posted at
[1], referring as affected versions 1.0 up to 1.9.1 and fixed in 1.10.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-8013
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8013
[1] http://www.openwall.com/lists/oss-security/2018/05/23/1

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: batik
Source-Version: 1.7+dfsg-5+deb8u1

We believe that the bug you reported is fixed in the latest version of
batik, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 899...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated batik package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 30 May 2018 18:25:57 +0200
Source: batik
Binary: libbatik-java
Architecture: source all
Version: 1.7+dfsg-5+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 libbatik-java - xml.apache.org SVG Library
Closes: 860566 899374
Changes:
 batik (1.7+dfsg-5+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-5662: XXE information disclosure. (Closes: #860566)
   * Fix CVE-2018-8013: information disclosure when deserializing a subclass of
     AbstractDocument. (Closes: #899374)


--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use debian-j...@lists.debian.org for discussions and questions.
