After much digging, I believe I have found the relevant issue and
commits to fix the CVE-2017-5661 issue in fop. I have backported the
patch to our 1.0 release in LTS and it seems to compile fine. However, I
haven't performed any tests because I lack experience with that peculiar
Therefore, here is the fop package ready for testing, as usual:
Thanks for any feedback!
Je viens d'un pays où engagé veut dire que tu t'es trouvé une job.
- Patrice Desbiens
This is the maintainer address of Debian's Java team
debian-j...@lists.debian.org for discussions and questions.