On 23/04/17 21:50, Ola Lundqvist wrote:
> Dear maintainer(s),
> 
> The Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of batik:
> https://security-tracker.debian.org/tracker/CVE-2017-5662

FWIW I investigated this a bit and there doesn't seem to be any details other
than what is in the advisory: i.e. I couldn't find the commit that fixes this
(looking at the svn repository) or an upstream bug report. I found a
security-related one, reported by Lars Krapf (as mentioned in the oss-security
mail) but that seemed different than CVE-2017-5662 and much older (see [1]).

Also our 1.8 and the upstream 1.9 tarballs have different layouts so it's hard
to compare them.

Cheers,
Emilio

[1] https://issues.apache.org/jira/browse/BATIK-1139

__
This is the maintainer address of Debian's Java team
<http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. 
Please use
debian-j...@lists.debian.org for discussions and questions.

Reply via email to