Bug#780897: batik: CVE-2015-0250
Salvatore Bonaccorso
carnil at debian.org
Sun Mar 22 14:02:38 UTC 2015
Hi Tony,
On Sat, Mar 21, 2015 at 04:31:38PM -0700, tony mancill wrote:
> On 03/21/2015 12:07 AM, Salvatore Bonaccorso wrote:
> > Source: batik
> > Version: 1.7-1
> > Severity: important
> > Tags: security upstream
> >
> > Hi,
> >
> > the following vulnerability was published for batik.
> >
> > CVE-2015-0250[0]:
> > information disclosure
> >
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >
> > For further information see:
> >
> > [0] https://security-tracker.debian.org/tracker/CVE-2015-0250
> > [1] http://seclists.org/oss-sec/2015/q1/864
> >
> > Regards,
> > Salvatore
>
> Hello Salvatore,
>
> Thank you for the bug report and the detailed information in
> security-tracker.d.o. I was able to reproduce the information
> disclosure and test that the version just uploaded to unstable no longer
> exhibits the disclosure.
Thanks for the fixes! batik has now already be unblocked by Niels
Thykier AFAICS.
Regards,
Salvatore
More information about the pkg-java-maintainers
mailing list