On 23/04/17 21:50, Ola Lundqvist wrote: > Dear maintainer(s), > > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of batik: > https://security-tracker.debian.org/tracker/CVE-2017-5662
FWIW I investigated this a bit and there doesn't seem to be any details other than what is in the advisory: i.e. I couldn't find the commit that fixes this (looking at the svn repository) or an upstream bug report. I found a security-related one, reported by Lars Krapf (as mentioned in the oss-security mail) but that seemed different than CVE-2017-5662 and much older (see [1]). Also our 1.8 and the upstream 1.9 tarballs have different layouts so it's hard to compare them. Cheers, Emilio [1] https://issues.apache.org/jira/browse/BATIK-1139 __ This is the maintainer address of Debian's Java team <http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-java-maintainers>. Please use debian-j...@lists.debian.org for discussions and questions.
