Bug 23081

Summary: batik new security issues CVE-2017-5662 and CVE-2018-8013
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Java Stack Maintainers <java>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: major
Priority: Normal
CC: mhrambo3501
Version: 6
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: batik-1.9-5.mga7.src.rpm
CVE:
Status comment:

Description David Walser 2018-05-24 13:31:11 CEST
Apache has issued an advisory on May 23:
http://openwall.com/lists/oss-security/2018/05/23/1

The issue is fixed upstream in 1.10.

Mageia 5 and Mageia 6 are also affected.

David Walser 2018-05-24 13:31:19 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2018-06-08 22:12:46 CEST
Debian has issued an advisory for this on June 2:
https://www.debian.org/security/2018/dsa-4215

David Walser 2018-06-08 22:13:19 CEST

Summary: batik new security issue CVE-2018-8013 => batik new security issues CVE-2017-5662 and CVE-2018-8013

Comment 2 David Walser 2018-06-08 22:27:26 CEST
Ubuntu has issued an advisory for this on May 29:
https://usn.ubuntu.com/3661-1/

Comment 3 David Walser 2018-06-10 20:18:19 CEST
It looks like CVE-2017-5662 was fixed in 1.9, so Cauldron isn't affected.

Fedora has issued an advisory for this on June 9:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5APJ7EBU6J7ETWEQ2NZHGZVGT6CNS2BL/

Comment 4 David Walser 2019-01-01 04:49:59 CET
batik-1.10-1.mga7 uploaded for Cauldron by David Geiger.

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 5 Mike Rambo 2019-11-06 13:28:12 CET
Mageia 6 is EOL.

Resolution: (none) => OLD
CC: (none) => mrambo
Status: NEW => RESOLVED