Wheezy update of batik?

Emilio Pozuelo Monfort pochu at debian.org
Sun Apr 23 21:06:57 UTC 2017


On 23/04/17 21:50, Ola Lundqvist wrote:
> Dear maintainer(s),
> 
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of batik:
> https://security-tracker.debian.org/tracker/CVE-2017-5662

FWIW I investigated this a bit and there doesn't seem to be any details other
than what is in the advisory: i.e. I couldn't find the commit that fixes this
(looking at the svn repository) or an upstream bug report. I found a
security-related one, reported by Lars Krapf (as mentioned in the oss-security
mail) but that seemed different than CVE-2017-5662 and much older (see [1]).

Also our 1.8 and the upstream 1.9 tarballs have different layouts so it's hard
to compare them.

Cheers,
Emilio

[1] https://issues.apache.org/jira/browse/BATIK-1139



More information about the pkg-java-maintainers mailing list