Package: libjasperreports-java
Version: 6.3.1-1
Severity: important
Tags: security

The recent update of jasperreports apparently fixed CVE-2017-5528 and
CVE-2017-5529. There are still three CVE which are not addressed yet. The
advisory for CVE-2017-5532 mentions that the solution is to upgrade to
version 6.3.3 or 6.4.2. It is not clear to me whether the Debian
package is actually affected by CVE-2017-5533 or CVE-2017-14941 due to
lack of information.


This is the maintainer address of Debian's Java team
Please use for discussions and questions.

Reply via email to