it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5264-1] batik security update

From: Markus Koschany <apo AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5264-1] batik security update
Date: Sat, 29 Oct 2022 21:58:51 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 82.195.75.100) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/Y12iG3DlR8zMTfE4 AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=W7SGqlX1qs0HmqQ+J8YzsT32wOEzDQ1AQnOZZjOwXHc=; b=Ka RhbiuthXbLYgR8nJYOL5A6nV+HBpQMdByUXzqPEJ+cojLEyhuUnG2B/ci10cU8d2jJgXblASkrWz+ d5wt93m2RL/9ot7ohYUqmWXkz60QSzOCeZYmWwlkzrv9OVUS8bkqJAGNfLuOjdfUsA0Te4Se20YLe ZOWMLw+sXsU6gAWPguY0J8i4RLELmFo9Gh81+mnlS0DErAeif8H4gG1RMYHck4TliorXNrXArP6MI SulmClqXdxQ+DLuhSBWrwtiP3Nsswr+8Y5S4Ey43e9maytxGTDa3yYaZJqPuRYnEtmP9cYsT80/lJ jElg+KVm8nczd7F8It0a9dMDjVbPhkdg==;
Old-return-path: <apo AT seger.debian.org>
Priority: urgent
Resent-date: Sat, 29 Oct 2022 22:15:13 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <tTpiN-6ZAPE.A.F7D.xXaXjB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5264-1 security AT debian.org
https://www.debian.org/security/ Markus Koschany
October 29, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : batik
CVE ID : CVE-2022-41704 CVE-2022-42890

It was discovered that Apache Batik, a SVG library for Java, allowed
attackers to run arbitrary Java code by processing a malicious SVG file.

For the stable distribution (bullseye), these problems have been fixed in
version 1.12-4+deb11u1.

We recommend that you upgrade your batik packages.

For the detailed security status of batik please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/batik

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNdoPxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeSwixAAz3126lRuHpJFXreXL0dbIwiahb36LhtNx29gI7C5QkzFt49svIswJ7JM
+n9GokhtggWNuyN7wF6fyQzH7VEZSYW9yzzoUbbduJoTnBArtwYyuKdfg1KnWl7h
/Wzvd8JuyLtMDCXivlqNbatfenoipUclYtB7bupb+8YX71GKxh/vXU9kR6jS5eQL
UnLk2SdbVMfwEna+KqEjt4yyS7SXWNJcMOVPbQLPhvjq8xMVAaShxNjn0hk7gGEt
H2TBFSp7UcX8kmuPCES/70t8cS7jiA8FjRRz1M8Lf12SZGLbCCtZMQdlY4Lc0OP2
2Di2PTwSU0cg6dQJPR9zbXeBMA6Bff6hsCs4eFUugmPE28N7zSs4cjiNvn//+Kf4
C/unsaOMR6bony/z9AqjxjvYv34h3AVd0/8Bg9GLe6kYX38EaY7D/biiZKPgbkQz
Xo6DU7rm8fFEGcTj/1yY+ScgznkfPob6QYLpT+b0jF+KpLPfA/Lz2bOh2DNHUVV9
hKLC3t8i02KPhxrwbbpeJ7L7F8o/Giw0Ho6m0RLCTm2+sR57t7cHF9B0PH7qZRsg
Mp4GSrydeUUK8SZGMus1NnSmqbfd4GiY2Wohd3GiN+YqIK4lWbhNi3RZg2VFaGsV
RRVtnBAgaCCZcd0BjvNEIpOoPXro97I0lqwKiAqBnKZobh86/dU=
=yzAL
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5264-1] batik security update, Markus Koschany, 30.10.2022

Archiv bereitgestellt durch MHonArc 2.6.24.