Your message dated Sat, 21 Mar 2015 23:33:53 +0000
with message-id <e1yzstt-0005no...@franck.debian.org>
and subject line Bug#780897: fixed in batik 1.7+dfsg-5
has caused the Debian Bug report #780897,
regarding batik: CVE-2015-0250
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
780897: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780897
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: batik
Version: 1.7-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for batik.

CVE-2015-0250[0]:
information disclosure

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-0250
[1] http://seclists.org/oss-sec/2015/q1/864

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: batik
Source-Version: 1.7+dfsg-5

We believe that the bug you reported is fixed in the latest version of
batik, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill <tmanc...@debian.org> (supplier of updated batik package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Mar 2015 15:24:17 -0700
Source: batik
Binary: libbatik-java
Architecture: source all
Version: 1.7+dfsg-5
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers 
<pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: tony mancill <tmanc...@debian.org>
Description:
 libbatik-java - xml.apache.org SVG Library
Closes: 771539 780897
Changes:
 batik (1.7+dfsg-5) unstable; urgency=medium
 .
   [ tony mancill ]
   * Team upload.
   * Update homepage URL to https://xmlgraphics.apache.org/batik/ in
     debian/control and debian/copyright. (Closes: #771539)
   * Add debian/patches/cve_2015_0250.patch to disable external XML entity
     resolution (information disclosure).  This addresses CVE-2015-0250.
     (Closes: #780897)
 .
   [ Emmanuel Bourg ]
   * Replaced the Build-Id in the manifests with a constant value
     to make the build reproducible.
Checksums-Sha1:
 705e68ba6f4c03e37a8259151c86c553463cbe84 2213 batik_1.7+dfsg-5.dsc
 bc9d69b97e2587e2a33435f9b88566e4d0bedd3b 12580 batik_1.7+dfsg-5.debian.tar.xz
 d7a66b06cc122f90cf634be692bc6aa456065472 2861372 
libbatik-java_1.7+dfsg-5_all.deb
Checksums-Sha256:
 e733554f0a4106b7266b677dfb2982c9260e0448fb7d710698f05a2064f46352 2213 
batik_1.7+dfsg-5.dsc
 8c5ab35e8edca96f119e7550e8839490dc526bbcec732740bac32c43762ea15d 12580 
batik_1.7+dfsg-5.debian.tar.xz
 086e18bd07ba13cf4bd9af87b82d0347970f5a91625a01b0a77f1e23d156e0d2 2861372 
libbatik-java_1.7+dfsg-5_all.deb
Files:
 3e58c10ce9d1a027cdfcf3e2af64d64c 2213 java optional batik_1.7+dfsg-5.dsc
 1d66de13c1bc0f4eda258e2eae70d51d 12580 java optional 
batik_1.7+dfsg-5.debian.tar.xz
 a6354d8253db3df6edbf6cd7100a56e5 2861372 java optional 
libbatik-java_1.7+dfsg-5_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVDf4LAAoJECHSBYmXSz6Ws0cP+wV0YEeFTd8F6Q3GuYNWU0JD
Rf+pJucLrvRy4aSNci2f+B9aGJJyoNtYyspf5N4MtvPM4JVU/Pij5qEychShZf8r
ajSu85PAFCnvc65HLXsCAT4SkUXdWl/M6YYe8/jg5DAfZf0Tl+tqXR2imjiAnGJz
cgcF3AxilOAk4ywSFyPATBF71btwAKHoy29sSlk6T1V7aSCZhBp0TMMWdLDDCabH
ENrFdL+ATQMKRviaxhyi4dsssGL8S9vrU5I4nkqUF8f/VA0X215V8l8U9Nv+pRnv
UTgOWyB6thVNgLuFc53SP9UuOo9vF+gOXHqr4l0jPt10Jk6g+pDQPBmMiRa1SrPO
xo9nvOmuyyaNDHeg43bWKlLnXUotb+TTqxQVNL9xrUMe0BO7Zpb+t5GozctRqgW4
qPReweJ/Q+Gs8C+YbKOUH3LND7os6a4hSiO23OkGgSh1Tpvi7XoP0/qUgpFV4rhX
8HiiQv4Xdz2o/GG30NYbsG9WpwBszf0Uz8Fa9t+vY46s7WzzDHLpit0tzHt+nfzm
tSyoNuXqyBvGDYx/JhZFzKQ2ZsHAUXuDXBc1uP90mEreXCkd5MCZcrh497UqtFPO
GbJE2fiG45dBz05Zd1uqntQJH/uCbgbaAWHkOBUZ5ALJDwbsEZcLiG/tz6h8P5u5
FYVWtOUZxVWYD+s4Z7YB
=kO10
-----END PGP SIGNATURE-----

--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to