-
batik (1.14-1ubuntu0.2) jammy-security; urgency=medium
- debian/patches/CVE-2022-38398.patch: BATIK-1331: Jar url should be
blocked by DefaultExternalResourceSecurity.
- debian/patches/CVE-2022-38648.patch: BATIK-1333: Block external
resource before calling fop.
- debian/patches/CVE-2022-40146.patch: BATIK-1335: Jar url should be
blocked by DefaultScriptSecurity.
- debian/patches/CVE-2022-41704.patch: BATIK-1338: Block loading jar
inside svg.
- debian/patches/CVE-2022-42890.patch: BATIK-1345: Restrict what java
classes can be run thru rhino.
- CVE-2022-38398
- CVE-2022-38648
- CVE-2022-40146
- CVE-2022-41704
- CVE-2022-42890
-- Paulo Flabiano Smorigo <email address hidden> Tue, 23 May 2023 15:45:29 -0300
-
batik (1.14-1) unstable; urgency=medium
* Team upload.
* New upstream version 1.14 (Closes: #1000561)
Addresses CVE-2020-11987 (Closes: #984829)
* Set Rules-Requires-Root: no in debian/control
* Let java7-runtime-headless satisfy Recommends (Closes: #1000405)
* Delete patch for CVE-2109-17566; applied upstream
* Update poms; add batik-shared-resources; remove batik-test-util
* Add build-dep on libmaven-dependency-plugin-java
-- tony mancill <email address hidden> Tue, 23 Nov 2021 21:28:11 -0800
-
batik (1.12-4) unstable; urgency=medium
* Team upload.
* Add manifest for batik-i18n.
* Mark in batik-css manifest it requires batik-i18n.
-- Sudip Mukherjee <email address hidden> Wed, 23 Sep 2020 11:46:22 +0100