-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 29 Oct 2022 16:15:28 CEST Source: batik Architecture: source Version: 1.10-2+deb10u2 Distribution: buster-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: f0915cce4bc1e4cb250937561a0f1cf665be1ae1 2332 batik_1.10-2+deb10u2.dsc 7fe65c7594207a52cbda62f91dd9c6ce3345983b 5549417 batik_1.10.orig.tar.gz 369a0c46243f095788d462e40aef12be0d87808f 33628 batik_1.10-2+deb10u2.debian.tar.xz dbfa3a9dc31ef70d741628ba85a674d878f970c7 15493 batik_1.10-2+deb10u2_amd64.buildinfo Checksums-Sha256: 049548cc7a4efd70e7f1e648443a2f1a0cf1acdb01fd5397258c86f3b2c90ea4 2332 batik_1.10-2+deb10u2.dsc 800af9f9eede082fed10fe76de87d31653c634afa32e85f1091c73bede6d14be 5549417 batik_1.10.orig.tar.gz 69f5b872f2d5ff5101744f83e8568c31b6296cf3a974cd624da358a58a6ba375 33628 batik_1.10-2+deb10u2.debian.tar.xz 85ba1e1a34faf2ae5895cdd848c13f60d353a61a6db9a2570163761136c2154f 15493 batik_1.10-2+deb10u2_amd64.buildinfo Changes: batik (1.10-2+deb10u2) buster-security; urgency=high . * Team upload. * Fix CVE-2022-41704 and CVE-2022-42890: It was discovered that Apache Batik, an SVG library for Java, allowed attackers to run arbitrary Java code when processing a malicious SVG file. Files: b88c894c4e8a7e017781c15bcb00b981 2332 java optional batik_1.10-2+deb10u2.dsc 312d7ff1d9106e0a3d61361b9e94e5e1 5549417 java optional batik_1.10.orig.tar.gz 159fc0dc3a2df4f1233dff9f012c96a9 33628 java optional batik_1.10-2+deb10u2.debian.tar.xz c92961ff080854dfb4996ff1f3274a62 15493 java optional batik_1.10-2+deb10u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNdNYlfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkX6oP/ivpG2fz69IU6a+I/CPjr5wBCcHpk/TQMdFG Iva/ZNhNisrupFVLbP91QyUxXoi3liB30iaSCYVe4ug7vBJr6F3MGWPXCkzC8VnO HpP1bQyU1vFcRlDYJCguhtkE6wTj4dT3jg6ymbgaIIhYpqF7wxKCFU3/PCFmxDT3 QgwUfjajIpvWYcym/Qgf9yx7/AUe7cLRnLralLApJALVM6OzHJh8RZzsWj7AST7l cJTZCs0RhIpS1mn1oeVggs7QHtogFYW4dHur4GS2zD2eI3IQvUQwXndrH7c09QcB ndhQ4TdTAymH/08dYocRtZfru2ThoAug1PNgDWb/W6/ALxu9oLkfW1aFvW5cE3Ey zJK5XsmMZe8lpT3eSBVRj1psbbtuPXZrk/Ixays7cMQI/BVdI0TtxHAzWGLRnnG9 iLSGeqAAL5I6aFZLmbpVihi30PcHQf5CJZOQmY1JF2UysRxP8RT6ge4fa7Ri8F9M xfxcwmzP9kN4T+oYpEJTEnXav8PXqzzR92bdBRGd/G43MJD5LGzCV9y7bG4G8raF PpJ/8aeojxia4v3ju/qNzGedJ+qaNaonP08XZfynqXj3B+eGswMfUZgehz6rYKqo RRMv7AmbI2xe6JlWtRUFHPmUjnN6+O3paZML+KAAvSTzHo1FY1iQWF6R678s3krK zY13qOHx =QoqO -----END PGP SIGNATURE-----