
Accepted batik 1.10-2+deb10u3 (source) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 08 Oct 2023 14:30:21 +0000
Source: batik
Architecture: source
Version: 1.10-2+deb10u3
Distribution: buster-security
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Closes: 984829 1020589
Changes:
 batik (1.10-2+deb10u3) buster-security; urgency=medium
 .
   * LTS Team upload
   * Fix CVE-2020-11987: a server-side request forgery was found,
     caused by improper input validation by the NodePickerPanel.
     By using a specially-crafted argument, an attacker could exploit
     this vulnerability to cause the underlying server to make
     arbitrary GET requests. (Closes: #984829)
   * Fix multiple Server-Side Request Forgery (SSRF) vulnerabilities
     (Closes: #1020589):
     - CVE-2022-38398: A Server-Side Request Forgery (SSRF) vulnerability
       was found that allows an attacker to load a URL through the jar
       protocol.
     - CVE-2022-38648: A Server-Side Request Forgery (SSRF) vulnerability
       was found that allows an attacker to fetch external resources.
     - CVE-2022-40146: A Server-Side Request Forgery (SSRF) vulnerability
       was found that allows an attacker to access files using a Jar URL.
   * Fix multiple Server-Side Request Forgery (SSRF) vulnerabilities:
     - CVE-2022-44729: A Server-Side Request Forgery (SSRF) vulnerability
       was found. A malicious SVG could trigger loading external resources
       by default, causing resource consumption or in some
       cases even information disclosure.
     - CVE-2022-44730: A Server-Side Request Forgery (SSRF) vulnerability
       was found. A malicious SVG can probe user profile / data and send
       it directly as parameter to a URL.
Checksums-Sha1:
 ff31060090cfe2c701678041fb62ab0c8f44b059 2206 batik_1.10-2+deb10u3.dsc
 5cc63e27631680b5bfed0ed50944026dbaf36650 38044 batik_1.10-2+deb10u3.debian.tar.xz
 d67b549a95daff6e7ac819f35128f84e21d127b7 15314 batik_1.10-2+deb10u3_i386.buildinfo
Checksums-Sha256:
 c0fd53102c2b183fca57af802e49024fd0fbd8317cd096ae182d9d346467ba47 2206 batik_1.10-2+deb10u3.dsc
 fd7429db242eb0ba7bfa88dc836fd8fc09efab98614f2797210b649479706d6e 38044 batik_1.10-2+deb10u3.debian.tar.xz
 d72559b223b13df20bee322772a2b52d73e0a63abe90bb35753edbda631c61ca 15314 batik_1.10-2+deb10u3_i386.buildinfo
Files:
 c7df8e1c1573c885d2e52f1ca485a1f2 2206 java optional batik_1.10-2+deb10u3.dsc
 06c9040007ac3973976cdf41db142f92 38044 java optional batik_1.10-2+deb10u3.debian.tar.xz
 198fe03da0c09c373b00c974469f2cc4 15314 java optional batik_1.10-2+deb10u3_i386.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----