[SECURITY] [DLA 182-1] batik security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 182-1] batik security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Fri, 27 Mar 2015 22:16:06 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1503272215080.3308@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : batik
Version        : 1.7-6+deb6u1
CVE ID         : CVE-2015-0250
Debian Bug     : 780897

Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit
for processing SVG images, would load XML external entities by
default. If a user or automated system were tricked into opening a
specially crafted SVG file, an attacker could possibly obtain access
to arbitrary files or cause resource consumption.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJVFciWXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHeR4P/3wIfzr/VlADC/4QAl8rWQYF
f/QtmG6KglFo97br0M9ZBnF3voMdXVwdE48k2rng8zenUX+Lduye76nFoKUymz1R
lo97QKqCoviRameOGB+o83dL92yYpxYassvUklGT7EEe2XbaVHPisY64iwZOvsZS
eHNbSUA6EUTqqns5uf8c2uYQM369CvA/NMl9KLjM7Di1wsmG2vDglXBDCPH8fprf
SGdNMnOuPf84AEDqMvVqXY3KLhT+ms2bPTGSwfGUyhAi82vvWs4GJjpjabVBcIpP
O60s/42tylJ11Z78Q5m5i3IAPAj8zZNvabbpL/mc059eazK6+r9Pz+V6SVyFPT1Z
IfkZnJ+1Byms5bo7kAoYjosre5+JfIX75sPGXkIhP+P9RNa2kRhD2W+aKLQFQcgl
5ahBF24D5qGh/7omKuLRHGD8u1ohs7RjQjtkii8GDrxTvi6273VMwNK3zJrfZ8mF
wZSFDmFvjfebTJHRPz9C+lKHbEY0b8fBDHiYzrReEOrDOJnkz/lvkvAjZjWlYeHI
DjrW48qjpK8w2uqSf/t4/alT5yPGGBNoGH0R5eOQgdyCXf9Q8srfT/Jq/WScTVMs
t37EXbA0yKwicakESjD6U5DwT2x9/dq4u1xn7qJtuAI0kPrzcrWUBZIdRCYitnmK
utOpi24sJzViHokfBBGN
=7Db/
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 181-1] xerces-c security update
Next by Date: [SECURITY] [DLA 183-1] libxfont security update
Previous by thread: [SECURITY] [DLA 181-1] xerces-c security update
Next by thread: [SECURITY] [DLA 183-1] libxfont security update
Index(es):
- Date
- Thread