Format: 1.8
Date: Tue, 23 May 2023 15:42:39 -0300
Source: batik
Binary: libbatik-java
Built-For-Profiles: noudeb
Architecture: all
Version: 1.14-2ubuntu0.1
Distribution: kinetic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy02-amd64-089.buildd>
Changed-By: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>
Description:
 libbatik-java - xml.apache.org SVG Library
Changes:
 batik (1.14-2ubuntu0.1) kinetic-security; urgency=medium
 .
   * SECURITY UPDATE: Server-Side Request Forgery
     - debian/patches/CVE-2022-38398.patch: BATIK-1331: Jar url should be
       blocked by DefaultExternalResourceSecurity.
     - debian/patches/CVE-2022-38648.patch: BATIK-1333: Block external
       resource before calling fop.
     - debian/patches/CVE-2022-40146.patch: BATIK-1335: Jar url should be
       blocked by DefaultScriptSecurity.
     - debian/patches/CVE-2022-41704.patch: BATIK-1338: Block loading jar
       inside svg.
     - debian/patches/CVE-2022-42890.patch: BATIK-1345: Restrict what java
       classes can be run thru rhino.
     - CVE-2022-38398
     - CVE-2022-38648
     - CVE-2022-40146
     - CVE-2022-41704
     - CVE-2022-42890
Checksums-Sha1:
 93a2d1172f142ed637b8c0116b24637071bf1ec0 15826 batik_1.14-2ubuntu0.1_amd64.buildinfo
 4fb0e0f9f0e43dccc4a1d2ec8afc50342a953068 3867552 libbatik-java_1.14-2ubuntu0.1_all.deb
Checksums-Sha256:
 d8e4ad4aa11c406535e69e93e6be003da82f6efefb92a4056b2da61efa542f30 15826 batik_1.14-2ubuntu0.1_amd64.buildinfo
 6960d40f8f985895ccff1ad5606ddd77f17895db2b9be4384024323cc1e61f21 3867552 libbatik-java_1.14-2ubuntu0.1_all.deb
Files:
 e08b1cfe955ec3293856bb25da60bd70 15826 java optional batik_1.14-2ubuntu0.1_amd64.buildinfo
 2b465e314618ab47b93d5cdd06b89f32 3867552 java optional libbatik-java_1.14-2ubuntu0.1_all.deb
Original-Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>