Bug#964510: batik: CVE-2019-17566

Emilio Pozuelo Monfort pochu at debian.org
Wed Jul 8 09:10:56 BST 2020


Package: batik
X-Debbugs-CC: team at security.debian.org
Severity: important
Version: 1.8-4
Tags: security

Hi,

The following vulnerability was published for batik.

CVE-2019-17566[0]: SSRF vulnerability

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Note that this is fixed upstream in 1.13, and the fix is easy to backport. You
may want to consider fixing this for buster and stretch via the upcoming point
release.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-17566
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17566

Please adjust the affected versions in the BTS as needed.


