Your message dated Sun, 29 Mar 2015 15:47:05 +0000 with message-id <e1ycfqx-0002mn...@franck.debian.org> and subject line Bug#780897: fixed in batik 1.7+dfsg-3+deb7u1 has caused the Debian Bug report #780897, regarding batik: CVE-2015-0250 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 780897: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780897 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: batik Version: 1.7-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for batik. CVE-2015-0250[0]: information disclosure If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-0250 [1] http://seclists.org/oss-sec/2015/q1/864 Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: batik Source-Version: 1.7+dfsg-3+deb7u1 We believe that the bug you reported is fixed in the latest version of batik, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 780...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. tony mancill <tmanc...@debian.org> (supplier of updated batik package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Mar 2015 05:17:00 +0000 Source: batik Binary: libbatik-java Architecture: source all Version: 1.7+dfsg-3+deb7u1 Distribution: wheezy-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: tony mancill <tmanc...@debian.org> Description: libbatik-java - xml.apache.org SVG Library Closes: 780897 Changes: batik (1.7+dfsg-3+deb7u1) wheezy-security; urgency=high . * Team upload. * Add debian/patches/cve_2015_0250.patch to disable external XML entity resolution (information disclosure). This addresses CVE-2015-0250. (Closes: #780897) Checksums-Sha1: 0859c65dc3e5e61ded733b353916dba8963c35a9 2264 batik_1.7+dfsg-3+deb7u1.dsc b9e8d2bdedcb1ddf553c9b99115165264cf8b4b8 4290288 batik_1.7+dfsg.orig.tar.xz 9603ec612a42fb5e01017f69c29d9e03d15a6046 12858 batik_1.7+dfsg-3+deb7u1.debian.tar.gz ccce71c3b8cf9f9c8619c7df068397864915b162 8699530 libbatik-java_1.7+dfsg-3+deb7u1_all.deb Checksums-Sha256: 56ebcb1209ddb4b2f90dab2ca67c858fd3227272077213e9147ac844fdb2fcfb 2264 batik_1.7+dfsg-3+deb7u1.dsc 2003bc124a01cedb1ebebda32c1412a0a8292573348d751f8b06fa24dcf03124 4290288 batik_1.7+dfsg.orig.tar.xz 9c0de3e256d8cfb590d71abc502e997e090d0ce0083621ba68fa0db24495729e 12858 batik_1.7+dfsg-3+deb7u1.debian.tar.gz 7131041547b048bfed0182a8244805783b744eb8dd50ec452b7674ba355961b1 8699530 libbatik-java_1.7+dfsg-3+deb7u1_all.deb Files: 2fc3db85b876f69f4875a8bc9b505c7e 2264 java optional batik_1.7+dfsg-3+deb7u1.dsc dfd317fa0c7bc9782273c05d3045b90c 4290288 java optional batik_1.7+dfsg.orig.tar.xz 0cb637c19e4d4d1c4bc438f9ea7de7fe 12858 java optional batik_1.7+dfsg-3+deb7u1.debian.tar.gz 1ba8477bfcf677a0d5be7564e002daa8 8699530 java optional libbatik-java_1.7+dfsg-3+deb7u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJVFOJKAAoJECHSBYmXSz6WkFYP+waR/2wu3Aapb6AMtvRw0dpG Rvx55NkEb7148EphpunS68sYU1A3e2doemx0NY5JrxNkcVOKVSY/nDmyd6Q/pwwB NX1PpsMvcrMvnJwGnB/3eRGIbP4wQLAsphxP8hFVSwLhCLeoINBE0qh20jis0IrL +fJN0ZW1qdCJNYlzV94dWBpdULXdgbzDaFbKrafl4oGZt2gBaiCOMX4kQVd7dAQ2 QE5yj+CG31Q5pc+Lid3BO+rZ6xWSGRGslbT3DiSmHf/H7QJUlFMFNV8qsuo2HAjP QqZTOcL0fxq0MDg73rDNB/a0z9tr5ZqUnYCBZoD3ZrBjQpQKLuILvImW6jGXKMuy 6/SkXqihKTqEdXqK3nbutfP8aNK+IR2fwX/vcYBneoFhUHzRgZNEY0dYHNYaD25y g5Jy3n50gfIO9iSAwht4OyxgK8Wa8kzo7UA6F3bj37aJMh0X8Z0j9hasFmSlxllz 4fcqept42TgeuSVCQByT6iXNwbzf8CL0LAvswPmdBSdDECpKFTy8LqjQ5Mn+ljYB S0oZdrV5Mss+pwz5o2ZtQtk/7k4WrxD1hQNnSkQd714ph0OWM0h63+zfi53GCTh7 kdb9qZijLAZCMJSppeXEoccbVRsSrrq+fJKl9KzRNGu1VlafAJb+OuMZgs9HSB1Q 7WAHy0sdCIUrctpllvL6 =gTBS -----END PGP SIGNATURE-----
--- End Message ---
__ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
