Accepted batik 1.10-2+deb10u2 (source) into oldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted batik 1.10-2+deb10u2 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 29 Oct 2022 14:30:22 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: batik_1.10-2+deb10u2_source.changes
- Debian-source: batik
- Debian-suite: oldstable
- Debian-version: 1.10-2+deb10u2
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=kb9jCOxfQsLr9CmXHMAjzbigdsfCwkcvkvS9rknN3z4=; b=c2/oa5JLUsgX/sbFoX6HTiLDjZ QCUqsCEkSdh3T4MPtEhlU6JTaPo0DRCJQj/B02rcySaSixQh57E3i0znpbkvXUvzruzGOaKKV0arW Id6kIQvHwFDo9vyJlIm89UFCpkZf80WtV0CYkh8kvMWXp2azVii8fYEzBzsnosFlCZWdcUIVHW7G/ 8nCBlvAxGDkw5RgOQcBgBNLZihbVB6XJ3O9KgLToC96jh7T7Ei07iDBJzXVNeS5HQf0f08MIoGnjV N2tvm2IPdWeq7c6dBw1WexazI7TxsqxFP0AN+QtyYL5+2J1ESxnvhkqn7fU+N8qYjGn83n3e+9Hz7 TdidvsmA==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1oomqs-00GVF3-JN@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 29 Oct 2022 16:15:28 CEST
Source: batik
Architecture: source
Version: 1.10-2+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
f0915cce4bc1e4cb250937561a0f1cf665be1ae1 2332 batik_1.10-2+deb10u2.dsc
7fe65c7594207a52cbda62f91dd9c6ce3345983b 5549417 batik_1.10.orig.tar.gz
369a0c46243f095788d462e40aef12be0d87808f 33628 batik_1.10-2+deb10u2.debian.tar.xz
dbfa3a9dc31ef70d741628ba85a674d878f970c7 15493 batik_1.10-2+deb10u2_amd64.buildinfo
Checksums-Sha256:
049548cc7a4efd70e7f1e648443a2f1a0cf1acdb01fd5397258c86f3b2c90ea4 2332 batik_1.10-2+deb10u2.dsc
800af9f9eede082fed10fe76de87d31653c634afa32e85f1091c73bede6d14be 5549417 batik_1.10.orig.tar.gz
69f5b872f2d5ff5101744f83e8568c31b6296cf3a974cd624da358a58a6ba375 33628 batik_1.10-2+deb10u2.debian.tar.xz
85ba1e1a34faf2ae5895cdd848c13f60d353a61a6db9a2570163761136c2154f 15493 batik_1.10-2+deb10u2_amd64.buildinfo
Changes:
batik (1.10-2+deb10u2) buster-security; urgency=high
.
* Team upload.
* Fix CVE-2022-41704 and CVE-2022-42890:
It was discovered that Apache Batik, an SVG library for Java, allowed
attackers to run arbitrary Java code when processing a malicious SVG file.
Files:
b88c894c4e8a7e017781c15bcb00b981 2332 java optional batik_1.10-2+deb10u2.dsc
312d7ff1d9106e0a3d61361b9e94e5e1 5549417 java optional batik_1.10.orig.tar.gz
159fc0dc3a2df4f1233dff9f012c96a9 33628 java optional batik_1.10-2+deb10u2.debian.tar.xz
c92961ff080854dfb4996ff1f3274a62 15493 java optional batik_1.10-2+deb10u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNdNYlfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkX6oP/ivpG2fz69IU6a+I/CPjr5wBCcHpk/TQMdFG
Iva/ZNhNisrupFVLbP91QyUxXoi3liB30iaSCYVe4ug7vBJr6F3MGWPXCkzC8VnO
HpP1bQyU1vFcRlDYJCguhtkE6wTj4dT3jg6ymbgaIIhYpqF7wxKCFU3/PCFmxDT3
QgwUfjajIpvWYcym/Qgf9yx7/AUe7cLRnLralLApJALVM6OzHJh8RZzsWj7AST7l
cJTZCs0RhIpS1mn1oeVggs7QHtogFYW4dHur4GS2zD2eI3IQvUQwXndrH7c09QcB
ndhQ4TdTAymH/08dYocRtZfru2ThoAug1PNgDWb/W6/ALxu9oLkfW1aFvW5cE3Ey
zJK5XsmMZe8lpT3eSBVRj1psbbtuPXZrk/Ixays7cMQI/BVdI0TtxHAzWGLRnnG9
iLSGeqAAL5I6aFZLmbpVihi30PcHQf5CJZOQmY1JF2UysRxP8RT6ge4fa7Ri8F9M
xfxcwmzP9kN4T+oYpEJTEnXav8PXqzzR92bdBRGd/G43MJD5LGzCV9y7bG4G8raF
PpJ/8aeojxia4v3ju/qNzGedJ+qaNaonP08XZfynqXj3B+eGswMfUZgehz6rYKqo
RRMv7AmbI2xe6JlWtRUFHPmUjnN6+O3paZML+KAAvSTzHo1FY1iQWF6R678s3krK
zY13qOHx
=QoqO
-----END PGP SIGNATURE-----