[ubuntu/bionic-security] batik 1.10-2~18.04.1 (Accepted)
Paulo Flabiano Smorigo
pfsmorigo at canonical.com
Thu May 25 19:20:21 UTC 2023
batik (1.10-2~18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: Server-Side Request Forgery
- debian/patches/CVE-2019-17566.patch: BATIK-1276: Allow blocking of
external resources.
- debian/patches/CVE-2020-11987.patch: BATIK-1284: Dont load DTDs in
NodePickerPanel.
- debian/patches/CVE-2022-38398.patch: BATIK-1331: Jar url should be
blocked by DefaultExternalResourceSecurity.
- debian/patches/CVE-2022-38648.patch: BATIK-1333: Block external
resource before calling fop.
- debian/patches/CVE-2022-40146.patch: BATIK-1335: Jar url should be
blocked by DefaultScriptSecurity.
- debian/patches/CVE-2022-41704.patch: BATIK-1338: Block loading jar
inside svg.
- debian/patches/CVE-2022-42890.patch: BATIK-1345: Restrict what java
classes can be run thru rhino.
- CVE-2019-17566
- CVE-2020-11987
- CVE-2022-38398
- CVE-2022-38648
- CVE-2022-40146
- CVE-2022-41704
- CVE-2022-42890
Date: 2023-05-23 14:57:07.749101+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
https://launchpad.net/ubuntu/+source/batik/1.10-2~18.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list