batik (1.10-2~18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Server-Side Request Forgery
    - debian/patches/CVE-2019-17566.patch: BATIK-1276: Allow blocking of
      external resources.
    - debian/patches/CVE-2020-11987.patch: BATIK-1284: Dont load DTDs in
      NodePickerPanel.
    - debian/patches/CVE-2022-38398.patch: BATIK-1331: Jar url should be
      blocked by DefaultExternalResourceSecurity.
    - debian/patches/CVE-2022-38648.patch: BATIK-1333: Block external
      resource before calling fop.
    - debian/patches/CVE-2022-40146.patch: BATIK-1335: Jar url should be
      blocked by DefaultScriptSecurity.
    - debian/patches/CVE-2022-41704.patch: BATIK-1338: Block loading jar
      inside svg.
    - debian/patches/CVE-2022-42890.patch: BATIK-1345: Restrict what java
      classes can be run thru rhino.
    - CVE-2019-17566
    - CVE-2020-11987
    - CVE-2022-38398
    - CVE-2022-38648
    - CVE-2022-40146
    - CVE-2022-41704
    - CVE-2022-42890

 -- Paulo Flabiano Smorigo <email address hidden>  Mon, 22 May 2023 17:34:34 -0300
-
batik (1.10-2~18.04) bionic; urgency=medium

  * Backport for OpenJDK 11. LP: #1814133.

batik (1.10-2) unstable; urgency=medium

  * Team upload.
  * Fixed the build failure with Java 11 (Closes: #913050)
  * Tightened the version of maven-debian-helper required to build batik
    (Closes: #902532)
  * Standards-Version updated to 4.2.1
  * Use salsa.debian.org Vcs-* URLs

batik (1.10-1) unstable; urgency=medium

  * Team upload.
  * New upstream version 1.10.
    - squiggle works as expected again after updating the policy patch.
      (Closes: #884481)
    - Fix CVE-2018-8013: information disclosure vulnerability.
      (Closes: #899374)
  * Drop 07_optional_rhino_and_jython_dependencies.patch. Applied upstream.
  * Remove repack scripts and use Files-Excluded mechanism instead.
  * Update the watch file. Use Files-Excluded.
  * Ignore jython artifact and add no-Jython-support.patch. Jython as a
    scripting language for Batik is no longer supported because the dependency
    complicates transitions. (Closes: #884536)
  * Ignore batik-test-old module.

 -- Matthias Klose <email address hidden>  Tue, 26 Feb 2019 13:09:09 +0100
-
batik (1.9-3) unstable; urgency=medium

  * Team upload.
  * Made the rhino and jython dependencies optional (Closes: #875322)
  * Removed the unused dependencies on libbsf-java, libcommons-io-java
    and libcommons-logging-java
  * Build with Maven instead of Ant
  * Build with the DH sequencer instead of CDBS
  * Standards-Version updated to 4.1.1
  * Switch to debhelper level 10

 -- Emmanuel Bourg <email address hidden>  Mon, 02 Oct 2017 16:55:14 +0200