Hi

Just for information: I based my conclusion that the package is affected
on a statement from the security team that all versions from 1.0 are affected.

// Ola

On 23 April 2017 at 23:06, Emilio Pozuelo Monfort <po...@debian.org> wrote:

> On 23/04/17 21:50, Ola Lundqvist wrote:
> > Dear maintainer(s),
> >
> > The Debian LTS team would like to fix the security issues which are
> > currently open in the Wheezy version of batik:
> > https://security-tracker.debian.org/tracker/CVE-2017-5662
>
> FWIW I investigated this a bit and there doesn't seem to be any details other
> than what is in the advisory: i.e. I couldn't find the commit that fixes this
> (looking at the svn repository) or an upstream bug report. I found a
> security-related one, reported by Lars Krapf (as mentioned in the oss-security
> mail) but that seemed different than CVE-2017-5662 and much older (see [1]).
>
> Also our 1.8 and the upstream 1.9 tarballs have different layouts so it's hard
> to compare them.
>
> Cheers,
> Emilio
>
> [1] https://issues.apache.org/jira/browse/BATIK-1139
>



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  o...@inguza.com                    Folkebogatan 26            \
|  o...@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
