On 03/21/2015 12:07 AM, Salvatore Bonaccorso wrote:
> Source: batik
> Version: 1.7-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for batik.
>
> CVE-2015-0250[0]:
> information disclosure
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-0250
> [1] http://seclists.org/oss-sec/2015/q1/864
>
> Regards,
> Salvatore

Hello Salvatore,

Thank you for the bug report and the detailed information in security-tracker.d.o. I was able to reproduce the information disclosure and test that the version just uploaded to unstable no longer exhibits the disclosure.

Version 1.7+dfsg-5 addresses this bug for sid and should also be appropriate for jessie. I'll look at wheezy and squeeze next.

Thank you,
tony
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use [email protected] for discussions and questions.

