-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 29 Oct 2022 16:37:36 CEST Source: batik Architecture: source Version: 1.12-4+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: dabaa965b2e87e35eb94089b25dd77a05fbaa8e5 2338 batik_1.12-4+deb11u1.dsc 8eb190f841dffc125e673bd6849cc0fc047879ab 4350968 batik_1.12.orig.tar.xz 3d6716208735405f006513304bf214eb01982509 33520 batik_1.12-4+deb11u1.debian.tar.xz 2ec6c7ef1030ad54c8bbdff84763f0feee16bd13 15755 batik_1.12-4+deb11u1_amd64.buildinfo Checksums-Sha256: 8101a09bab3955f869a494bcb6ee00b7a039a8502d7f9aa97d9982ce3266e085 2338 batik_1.12-4+deb11u1.dsc 0d40dfe6bf6ca13082678576332747ee045a1d387432709e2095f07cfd2c006c 4350968 batik_1.12.orig.tar.xz f7c983c6a3db84b0d26e2f4e54ac908f2b57235aaf028d82b0e341abd8875e2b 33520 batik_1.12-4+deb11u1.debian.tar.xz 957384bc2681c7bf552ed739d9754777ad1c6dfb5a97192c64db48b378bedbe4 15755 batik_1.12-4+deb11u1_amd64.buildinfo Changes: batik (1.12-4+deb11u1) bullseye-security; urgency=high . * Team upload. * Fix CVE-2022-41704 and CVE-2022-42890: It was discovered that Apache Batik, an SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file. Files: 2319b6cc28a47cd1a7e237e40e3375ed 2338 java optional batik_1.12-4+deb11u1.dsc faf8f2171bf66ab4c662c78b3f7adcdc 4350968 java optional batik_1.12.orig.tar.xz 1213d3a1c2af0a0bbb457671677b4f1e 33520 java optional batik_1.12-4+deb11u1.debian.tar.xz 58f6fb040d478004420bed1e7ad8ebc1 15755 java optional batik_1.12-4+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNdOzFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk88kP/3A51z9UWgMPfHUNn8PnT8BsAArdmaCsVZHb ALXU+7sm5OTtRtEVHJpc6hRQAGokLhCpIGXYstBHkwkNkQSMzBrpk+Y+OJk6XphF NZFf0Mh1HNUosubTzfg5/XQscdAKiVfEVRgD9FmhWCWDgAvsEsII4ucKTe291u2r ZkVzycxMOvEhQb4Klx/8jOaXlkb5ot0OiY3s06SdCIkvqR6SvR+7CITEbbJpIo1w bqInDv7EgnP9Sld/QcVX4ybPS9FxobUjrz2x+ivBICZy1XbrKrNCBMoyhHe/2HmS x1vD00FNxOM3FgYtL8tenR3qmhGErT9V6T2pSbM2O2gDg9ccyl5hYC0HSxr3dRiu sFdq6YNKr4UgAz59m6y1JRtJVyWb4lRbs1asHm/Es0O0RL4hEIMuGf2e0f1XIl1a 2NST8cmc0TzDRbTjq7kmZj6LNN6g2plz4+2jpI8r6p+Gb0EtyXCKCWCOy51NqRBv V4pAQ+6ESZzjOl5D3rLzuDkyprZjR3sNPxcD7MC1sdUo1Bl/qHUjXfHuaLOM5eRy HQePKddRq4db3Dzg0vDtyRe6Ifu+oQd4aEpv8DlUMTV1S+DFRcfFNQRvSlT9Cg28 CKshrFYnbsnYHLV5IvCnCmMU1RfSd/EsPC3WBqeLQrrjk3PNeZmmr3fug5rkjInt Iz/TYjMV =32ts -----END PGP SIGNATURE-----