Wheezy update of batik?
Emilio Pozuelo Monfort
pochu at debian.org
Sun Apr 23 21:06:57 UTC 2017
On 23/04/17 21:50, Ola Lundqvist wrote:
> Dear maintainer(s),
>
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of batik:
> https://security-tracker.debian.org/tracker/CVE-2017-5662
FWIW I investigated this a bit and there doesn't seem to be any details other
than what is in the advisory: i.e. I couldn't find the commit that fixes this
(looking at the svn repository) or an upstream bug report. I found a
security-related one, reported by Lars Krapf (as mentioned in the oss-security
mail) but that seemed different than CVE-2017-5662 and much older (see [1]).
Also our 1.8 and the upstream 1.9 tarballs have different layouts so it's hard
to compare them.
Cheers,
Emilio
[1] https://issues.apache.org/jira/browse/BATIK-1139
More information about the pkg-java-maintainers
mailing list