Accepted batik 1.12-4+deb11u1 (source) into proposed-updates
- To: debian-changes@lists.debian.org
- Subject: Accepted batik 1.12-4+deb11u1 (source) into proposed-updates
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sat, 05 Nov 2022 15:32:08 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: batik_1.12-4+deb11u1_source.changes
- Debian-source: batik
- Debian-suite: proposed-updates
- Debian-version: 1.12-4+deb11u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=UdSZp1rFWVZrPQ0QhzxGdH+B3rQ1OWL8dInOZxLgBuY=; b=cxPSm7Fo1g0W/7yK37GBog7rhb NXLYrk0Hqgx/yLbtoc4kx61dA1ZOfnRMp71ksTMoI/AiaSTrk6wvhztV7cIhwoL+A0em65cw09W/h EMTm3W3Rpbq9P8zBEAN75L5GjJcVf8NorpmwTBjZwNRT6F62IQUAJbVRGfBanuYeC9GjW/jjHugjW 3+TCHaefm76U8/B2cD6CqB6A8BMjeWFzF0Q9XA5seq3dMZXz2mCHivshhS12oHIX4bVWqd070SpzR lir4CEfMGukCgoiwbIXoknQK9Vn8NH0BA7UL8stoO4tpaDCpxTA81jpq7ee5uRZbSnrMI3s2/sOAX LRGe+6/g==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1orL9U-00C7Ai-Qv@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 29 Oct 2022 16:37:36 CEST
Source: batik
Architecture: source
Version: 1.12-4+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
dabaa965b2e87e35eb94089b25dd77a05fbaa8e5 2338 batik_1.12-4+deb11u1.dsc
8eb190f841dffc125e673bd6849cc0fc047879ab 4350968 batik_1.12.orig.tar.xz
3d6716208735405f006513304bf214eb01982509 33520 batik_1.12-4+deb11u1.debian.tar.xz
2ec6c7ef1030ad54c8bbdff84763f0feee16bd13 15755 batik_1.12-4+deb11u1_amd64.buildinfo
Checksums-Sha256:
8101a09bab3955f869a494bcb6ee00b7a039a8502d7f9aa97d9982ce3266e085 2338 batik_1.12-4+deb11u1.dsc
0d40dfe6bf6ca13082678576332747ee045a1d387432709e2095f07cfd2c006c 4350968 batik_1.12.orig.tar.xz
f7c983c6a3db84b0d26e2f4e54ac908f2b57235aaf028d82b0e341abd8875e2b 33520 batik_1.12-4+deb11u1.debian.tar.xz
957384bc2681c7bf552ed739d9754777ad1c6dfb5a97192c64db48b378bedbe4 15755 batik_1.12-4+deb11u1_amd64.buildinfo
Changes:
batik (1.12-4+deb11u1) bullseye-security; urgency=high
.
* Team upload.
* Fix CVE-2022-41704 and CVE-2022-42890:
It was discovered that Apache Batik, an SVG library for Java, allowed
attackers to run arbitrary Java code by processing a malicious SVG file.
Files:
2319b6cc28a47cd1a7e237e40e3375ed 2338 java optional batik_1.12-4+deb11u1.dsc
faf8f2171bf66ab4c662c78b3f7adcdc 4350968 java optional batik_1.12.orig.tar.xz
1213d3a1c2af0a0bbb457671677b4f1e 33520 java optional batik_1.12-4+deb11u1.debian.tar.xz
58f6fb040d478004420bed1e7ad8ebc1 15755 java optional batik_1.12-4+deb11u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNdOzFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk88kP/3A51z9UWgMPfHUNn8PnT8BsAArdmaCsVZHb
ALXU+7sm5OTtRtEVHJpc6hRQAGokLhCpIGXYstBHkwkNkQSMzBrpk+Y+OJk6XphF
NZFf0Mh1HNUosubTzfg5/XQscdAKiVfEVRgD9FmhWCWDgAvsEsII4ucKTe291u2r
ZkVzycxMOvEhQb4Klx/8jOaXlkb5ot0OiY3s06SdCIkvqR6SvR+7CITEbbJpIo1w
bqInDv7EgnP9Sld/QcVX4ybPS9FxobUjrz2x+ivBICZy1XbrKrNCBMoyhHe/2HmS
x1vD00FNxOM3FgYtL8tenR3qmhGErT9V6T2pSbM2O2gDg9ccyl5hYC0HSxr3dRiu
sFdq6YNKr4UgAz59m6y1JRtJVyWb4lRbs1asHm/Es0O0RL4hEIMuGf2e0f1XIl1a
2NST8cmc0TzDRbTjq7kmZj6LNN6g2plz4+2jpI8r6p+Gb0EtyXCKCWCOy51NqRBv
V4pAQ+6ESZzjOl5D3rLzuDkyprZjR3sNPxcD7MC1sdUo1Bl/qHUjXfHuaLOM5eRy
HQePKddRq4db3Dzg0vDtyRe6Ifu+oQd4aEpv8DlUMTV1S+DFRcfFNQRvSlT9Cg28
CKshrFYnbsnYHLV5IvCnCmMU1RfSd/EsPC3WBqeLQrrjk3PNeZmmr3fug5rkjInt
Iz/TYjMV
=32ts
-----END PGP SIGNATURE-----