See http://xmlgraphics.apache.org/security.html.
On 6/26/15 5:42 PM, Chris Bowditch wrote:
Hi Vincent,
Yes Batik 1.8 contains the fix for CVE-2015-0250
Thanks,
Chris
On 26/06/2015 14:44, Vincent Timoney wrote:
Hi,
Thanks for your reply; Just to double-check is the new version of
Hi,
Thanks for your reply; Just to double-check is the new version of
batik-all.jar(1.8) contained within the new version of FOP (2.0) contains
the fix for the CVE-2015-0250?
Regards,
Vinnie
Vincent Timoney
Security Engineer
Hi,
In relation to CVE-2015-0250: The Apache FOP project contains a version
of
Batik called batik-all-1.7.jar. Is this affected that the above CVE?
Regards,
Vinnie
Vincent Timoney
Security Engineer
-
To
Yes, it is (you must be using FOP-1.1 or earlier if you have the 1.7
jar). You can replace it by version 1.7.1 if you wish. Version 1.7.1 is
the same as 1.7 but for the CVE-2015-0250 fix.
On 6/26/15 11:04 AM, Vincent Timoney wrote:
Hi,
In relation to CVE-2015-0250: The Apache FOP