Your message dated Sat, 11 Jul 2020 10:32:21 +0000
with message-id <[email protected]>
and subject line Bug#964510: fixed in batik 1.8-4+deb9u2
has caused the Debian Bug report #964510,
regarding batik: CVE-2019-17566
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
964510: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964510
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: batik
X-Debbugs-CC: [email protected]
Severity: important
Version: 1.8-4
Tags: security
Hi,
The following vulnerability was published for batik.
CVE-2019-17566[0]: SSRF vulnerability
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
Note that this is fixed upstream in 1.13, and the fix is easy to backport. You
may want to consider fixing this for buster and stretch via the upcoming point
release.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-17566
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17566
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: batik
Source-Version: 1.8-4+deb9u2
Done: Emilio Pozuelo Monfort <[email protected]>
We believe that the bug you reported is fixed in the latest version of
batik, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Emilio Pozuelo Monfort <[email protected]> (supplier of updated batik package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 10 Jul 2020 19:30:17 +0200
Source: batik
Architecture: source
Version: 1.8-4+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Debian Java Maintainers
<[email protected]>
Changed-By: Emilio Pozuelo Monfort <[email protected]>
Closes: 964510
Changes:
batik (1.8-4+deb9u2) stretch; urgency=medium
.
* Non-maintainer upload.
* CVE-2019-17566: Server-side request forgery via xlink:href attributes.
(Closes: #964510)
Checksums-Sha1:
264e4c9da18747c4f40a43e1d4f44210157d6a64 2222 batik_1.8-4+deb9u2.dsc
4846f1632c81b4747ed75aa57bc9cc39938d431e 15532 batik_1.8-4+deb9u2.debian.tar.xz
78e2a2e39a7ff2a687c59f05097b11fbd3aba6d2 5251
batik_1.8-4+deb9u2_source.buildinfo
Checksums-Sha256:
ba4209606e2ab69acf87dd48bf9c3c00918e70bfc2c8bcf5f8b41ac0116a7c4f 2222
batik_1.8-4+deb9u2.dsc
ce10e93a6f73aa8555f23f025ee284e4d7f9ce7004ac74a123d2ad33f648a642 15532
batik_1.8-4+deb9u2.debian.tar.xz
8134d22f91c03151b11c2b7f2f5e2fbf07e671e3525d4230ca2a0e078a1dee7a 5251
batik_1.8-4+deb9u2_source.buildinfo
Files:
95f1d2934da03c704be7f8456d5b663c 2222 java optional batik_1.8-4+deb9u2.dsc
b1be62692e72f5d6cbc12182222e0753 15532 java optional
batik_1.8-4+deb9u2.debian.tar.xz
7fe2dde7ca2576788c6549b73a6eeec1 5251 java optional
batik_1.8-4+deb9u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl8IpdsACgkQnUbEiOQ2
gwLZLhAAro4sntCr+ew0T0pqc9XbJGGfMXSR0VYTmjAUGyQ9J6jLDUu9/tvPeZ9u
0JDuUR26pOIPkM1BIodveDVvVoQ0T9Ytdrr03t5MbVFQyPxAz5BX3TPIec0Jvis6
wZGMr2R17y6qu0bn7J4I9OrUlONjUCWGJEsCk+0q+wG+ViBCpsdAk3QDCBrZBIrz
LzLKOB+N9hlz0FoiL4TcCQjB+51BNb6xph3kQYXjjfPE+7At6LbLiGY/99+1ZtzP
GLSVanx85x43tBdc/5khgxRnByjmWsYiRCDm2dODOX/E6mOAaJfE9T4ytGco6wqv
fBsJCrwZQ3O4JZz2bTAaJL9kex/l6kftCnuvIJKWBm3LDiblnEDvAn2bF9fvFVz6
/Q+LMqwtIS/36H5xJFXuRRNHOAQstsVkMd2/cjS73b/L9Ta8s+gX8rQt/VH/pqfC
1eQXH8u+z069KwNVKShQ4CL3Ai5DOhjm9h5IttYPxfUq4Wnpg9Rp2htOwq2R44Az
QD9mxEEled/A8MpC4OZNzz6/jy9Sv/ndFvxjRep7pmVAzR1UxzRiomRt24Kwwr4W
EJsywp2Es6kuElGn8Otkpz73LvuVYyngHri8NfrJK5HmaTwn1OhSz+25Iwhmr1/A
AsYiM8zreQ6AQdmtffKOe1rr21/PZwKuahWKnStHIR/uoU5SCls=
=VqHD
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use
[email protected] for discussions and questions.
