Bug#780897: batik: CVE-2015-0250
Hi Tony, On Sat, Mar 21, 2015 at 04:31:38PM -0700, tony mancill wrote: On 03/21/2015 12:07 AM, Salvatore Bonaccorso wrote: Source: batik Version: 1.7-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for batik. CVE-2015-0250[0]: information disclosure If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-0250 [1] http://seclists.org/oss-sec/2015/q1/864 Regards, Salvatore Hello Salvatore, Thank you for the bug report and the detailed information in security-tracker.d.o. I was able to reproduce the information disclosure and test that the version just uploaded to unstable no longer exhibits the disclosure. Thanks for the fixes! batik has now already be unblocked by Niels Thykier AFAICS. Regards, Salvatore __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#780897: batik: CVE-2015-0250
Source: batik Version: 1.7-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for batik. CVE-2015-0250[0]: information disclosure If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-0250 [1] http://seclists.org/oss-sec/2015/q1/864 Regards, Salvatore __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.
Bug#780897: batik: CVE-2015-0250
On 03/21/2015 12:07 AM, Salvatore Bonaccorso wrote: Source: batik Version: 1.7-1 Severity: important Tags: security upstream Hi, the following vulnerability was published for batik. CVE-2015-0250[0]: information disclosure If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2015-0250 [1] http://seclists.org/oss-sec/2015/q1/864 Regards, Salvatore Hello Salvatore, Thank you for the bug report and the detailed information in security-tracker.d.o. I was able to reproduce the information disclosure and test that the version just uploaded to unstable no longer exhibits the disclosure. Version 1.7+dfsg-5 addresses this bug for sid and should also be appropriate for jessie. I'll look at wheezy and squeeze next. Thank you, tony signature.asc Description: OpenPGP digital signature __ This is the maintainer address of Debian's Java team http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers. Please use debian-j...@lists.debian.org for discussions and questions.