Hi, As previously mentioned, I have worked on an update for the Batik package. I have basically assumed the issue is the upstream BATIK-1139 issue, and used the patches refered to there:
https://issues.apache.org/jira/browse/BATIK-1139 That may be incorrect and because we don't have a reproducer associated with the CVE, there's no direct way for me to test this. Since Batik seems to be a rather complex piece of software, I haven't attempted to reproduce the issue documented there. I have, however, uploaded a patched version of the Debian package for wheezy users to test, in my usual location: https://people.debian.org/~anarcat/debian/wheezy-lts/ Thank you for your attention, A. -- The illusion of freedom will continue as long as it's profitable to continue the illusion. At the point where the illusion becomes too expensive to maintain, they will just take down the scenery, they will pull back the curtains, they will move the tables and chairs out of the way and you will see the brick wall at the back of the theater. - Frank Zappa