UbuntuUpdates.org

Package "batik"

Name: batik

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • xml.apache.org SVG Library
Latest version: 1.7.ubuntu-8ubuntu2.14.04.3
Release: trusty (14.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "batik" in Trusty

Repository Area Version
base main 1.7.ubuntu-8ubuntu2
updates main 1.7.ubuntu-8ubuntu2.14.04.3

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.7.ubuntu-8ubuntu2.14.04.3 2018-05-29 13:06:23 UTC

  batik (1.7.ubuntu-8ubuntu2.14.04.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Information disclosure vulnerability
    - debian/patches/CVE-2018-8013.patch: fix in
      sources/org/apache/batik/dom/AbstractDocument.java.
    - CVE-2018-8013

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 28 May 2018 14:08:13 -0300
Source diff to previous version
CVE-2018-8013 In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name w

Version: 1.7.ubuntu-8ubuntu2.14.04.2 2017-05-09 16:07:17 UTC

  batik (1.7.ubuntu-8ubuntu2.14.04.2) trusty-security; urgency=medium

  * SECURITY UPDATE: SSRF through external DTD resolution
    - debian/patches/CVE-2017-5662.patch: disable external DTD resolution
      in sources/org/apache/batik/dom/util/SAXDocumentFactory.java.
    - Thanks to Debian for the patch backport.
    - CVE-2017-5662

 -- Marc Deslauriers <email address hidden> Thu, 04 May 2017 12:48:26 -0400
Source diff to previous version
CVE-2017-5662 In Apache Batik before 1.9, files lying on the filesystem of the server which uses batik can be revealed to arbitrary users who send maliciously form

Version: 1.7.ubuntu-8ubuntu2.14.04.1 2015-03-25 14:06:41 UTC

  batik (1.7.ubuntu-8ubuntu2.14.04.1) trusty-security; urgency=medium

  * SECURITY UPDATE: XML external entity information disclosure
    - debian/patches/cve_2015_0250.patch: disable external entities in
      sources/org/apache/batik/dom/util/SAXDocumentFactory.java.
    - Thanks to Debian for the patch backport.
    - CVE-2015-0250
 -- Marc Deslauriers <email address hidden> Tue, 24 Mar 2015 10:51:32 -0400
CVE-2015-0250 information disclosure


About   -   Send Feedback to @ubuntu_updates