Bug#780897: batik: CVE-2015-0250
tony mancill
tmancill at debian.org
Sat Mar 21 23:31:38 UTC 2015
On 03/21/2015 12:07 AM, Salvatore Bonaccorso wrote:
> Source: batik
> Version: 1.7-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for batik.
>
> CVE-2015-0250[0]:
> information disclosure
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-0250
> [1] http://seclists.org/oss-sec/2015/q1/864
>
> Regards,
> Salvatore

Hello Salvatore,

Thank you for the bug report and the detailed information in
security-tracker.d.o. I was able to reproduce the information
disclosure and test that the version just uploaded to unstable no longer
exhibits the disclosure.

Version 1.7+dfsg-5 addresses this bug for sid and should also be
appropriate for jessie. I'll look at wheezy and squeeze next.

Thank you,
tony