-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5264-1 security@debian.org https://www.debian.org/security/ Markus Koschany October 29, 2022 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : batik CVE ID : CVE-2022-41704 CVE-2022-42890 It was discovered that Apache Batik, a SVG library for Java, allowed attackers to run arbitrary Java code by processing a malicious SVG file. For the stable distribution (bullseye), these problems have been fixed in version 1.12-4+deb11u1. We recommend that you upgrade your batik packages. For the detailed security status of batik please refer to its security tracker page at: https://security-tracker.debian.org/tracker/batik Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmNdoPxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeSwixAAz3126lRuHpJFXreXL0dbIwiahb36LhtNx29gI7C5QkzFt49svIswJ7JM +n9GokhtggWNuyN7wF6fyQzH7VEZSYW9yzzoUbbduJoTnBArtwYyuKdfg1KnWl7h /Wzvd8JuyLtMDCXivlqNbatfenoipUclYtB7bupb+8YX71GKxh/vXU9kR6jS5eQL UnLk2SdbVMfwEna+KqEjt4yyS7SXWNJcMOVPbQLPhvjq8xMVAaShxNjn0hk7gGEt H2TBFSp7UcX8kmuPCES/70t8cS7jiA8FjRRz1M8Lf12SZGLbCCtZMQdlY4Lc0OP2 2Di2PTwSU0cg6dQJPR9zbXeBMA6Bff6hsCs4eFUugmPE28N7zSs4cjiNvn//+Kf4 C/unsaOMR6bony/z9AqjxjvYv34h3AVd0/8Bg9GLe6kYX38EaY7D/biiZKPgbkQz Xo6DU7rm8fFEGcTj/1yY+ScgznkfPob6QYLpT+b0jF+KpLPfA/Lz2bOh2DNHUVV9 hKLC3t8i02KPhxrwbbpeJ7L7F8o/Giw0Ho6m0RLCTm2+sR57t7cHF9B0PH7qZRsg Mp4GSrydeUUK8SZGMus1NnSmqbfd4GiY2Wohd3GiN+YqIK4lWbhNi3RZg2VFaGsV RRVtnBAgaCCZcd0BjvNEIpOoPXro97I0lqwKiAqBnKZobh86/dU= =yzAL -----END PGP SIGNATURE-----