[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1385-1] batik security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : batik
Version        : 1.7+dfsg-3+deb7u3
CVE ID         : CVE-2018-8013
Debian Bug     : 899374

Man Yue Mo discovered a security vulnerability in Apache Batik, an SVG
image library. A missing check for the class type before calling
newInstance when deserializing a subclass of AbstractDocument could
lead to information disclosure.

For Debian 7 "Wheezy", these problems have been fixed in version
1.7+dfsg-3+deb7u3.

We recommend that you upgrade your batik packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlsIZC5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRpJg/9FgtqKs0srUIpJ/2d948m2od03F57d2OTvgiJUOKCNby3Qw0fLcDn0ajQ
mwaew7rx9MoTo9qTDB/OhqLxutDe99WNzLvCHa5xnCmbFLqoE4nWHX3nTJyPKDtg
ZjnLeAvIxw+K9ZaZIQ2Wv0k+zdXqkOurOVnGcb0JIwmUNooxMpw9m6kyWFMTpl9o
CDHNiVa+QsKfTeJVWzh2YsiVTjE9QU/1uk9Rzbut0KMLmkxIPke4xI7wSMhnBulw
eMbBJzxsvkVFznocaVoMxtx+HVLsgPEjAnnZYLW6lStuXievKV39iQZLmW20y7cB
Mht4qfHsP/JxFh0k4Pc8pCi7J7w0iUe+nHK1ri1DQ0Syya3YNRsFq7gmhbDIWi2u
s2B/nondqgJeL8lot+oSrJTNGziJzhxiaJ0h/NamihvJvrLZNhFf3jA+ZhvVkwaP
156jt8bsbI37zhIriJN0V+z/LXbb4tTAut85Lp9cYszx9zdetpV4qFZHcgTGPzk9
tz3Qg2LZ5RJ3RnvHADXVJTn7esho2ngBbdl8H1GPJ21ONppYcBWy1/Xnqwuo41rq
gZ0NpD/QLt7S9Dh/b0rAHMx2uM1UM9coNHI6KQFBLhlCgSKW25wQGsR1eVeZ352w
tCM4/fiEkbsqJn1dOruf37E3iiEv155P/mEQ3he2yDJZvhKOT6U=
=xZlH
-----END PGP SIGNATURE-----
Reply to: