[ubuntu/kinetic-updates] batik 1.14-2ubuntu0.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu May 25 19:58:38 UTC 2023

batik (1.14-2ubuntu0.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: Server-Side Request Forgery
    - debian/patches/CVE-2022-38398.patch: BATIK-1331: Jar url should be
      blocked by DefaultExternalResourceSecurity.
    - debian/patches/CVE-2022-38648.patch: BATIK-1333: Block external
      resource before calling fop.
    - debian/patches/CVE-2022-40146.patch: BATIK-1335: Jar url should be
      blocked by DefaultScriptSecurity.
    - debian/patches/CVE-2022-41704.patch: BATIK-1338: Block loading jar
      inside svg.
    - debian/patches/CVE-2022-42890.patch: BATIK-1345: Restrict what java
      classes can be run thru rhino.
    - CVE-2022-38398
    - CVE-2022-38648
    - CVE-2022-40146
    - CVE-2022-41704
    - CVE-2022-42890

Date: 2023-05-23 19:26:07.297490+00:00
Changed-By: Paulo Flabiano Smorigo <pfsmorigo at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the kinetic-changes mailing list