Your message dated Fri, 27 Mar 2015 19:03:30 +0000
with message-id <[email protected]>
and subject line Bug#780897: fixed in batik 1.7-6+deb6u1
has caused the Debian Bug report #780897,
regarding batik: CVE-2015-0250
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
780897: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780897
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: batik
Version: 1.7-1
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for batik.
CVE-2015-0250[0]:
information disclosure
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-0250
[1] http://seclists.org/oss-sec/2015/q1/864
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: batik
Source-Version: 1.7-6+deb6u1
We believe that the bug you reported is fixed in the latest version of
batik, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated batik package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 27 Mar 2015 19:30:00 +0100
Source: batik
Binary: libbatik-java
Architecture: source all
Version: 1.7-6+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian Java Maintainers <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Description:
libbatik-java - xml.apache.org SVG Library
Closes: 780897
Changes:
 batik (1.7-6+deb6u1) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Add debian/patches/cve_2015_0250.patch to disable external XML entity
     resolution (information disclosure). This addresses CVE-2015-0250.
     (Closes: #780897)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---
__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use [email protected] for discussions and questions.