Package: libjasperreports-java Version: 6.3.1-1 Severity: important Tags: security
The recent update of jasperreports apparently fixed CVE-2017-5528 and CVE-2017-5529. There are still three CVE which are not addressed yet. The advisory for CVE-2017-5532 mentions that the solution is to upgrade to version 6.3.3 or 6.4.2. It is not clear to me whether the Debian package is actually affected by CVE-2017-5533 or CVE-2017-14941 due to lack of information. Markus __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
