Bug 28491

Summary: batik new security issue CVE-2020-11987
Product: Mageia Reporter: Nicolas Lécureuil <mageia>
Component: SecurityAssignee: Java Stack Maintainers <java>
Status: RESOLVED DUPLICATE QA Contact: Sec team <security>
Severity: major    
Priority: Normal CC: luigiwalser, ouaurelien
Version: 7   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: batik-1.10-1.mga7.src.rpm CVE: CVE-2020-11987
Status comment: Fixed upstream in 1.14
Bug Depends on: 28439    
Bug Blocks: 26800    

Description Nicolas Lécureuil 2021-02-28 17:23:47 CET 
+++ This bug was initially created as a clone of Bug #28439 +++

Apache has issued an advisory on February 24:
https://www.openwall.com/lists/oss-security/2021/02/24/2

The issue is fixed upstream in 1.14:
https://xmlgraphics.apache.org/security.html

Mageia 7 and Mageia 8 are also affected.
Comment 1 Aurelien Oudelet 2021-02-28 20:27:11 CET 
Assigning to Java stack maintainers.

CVE: (none) => CVE-2020-11987
CC: (none) => ouaurelien
Assignee: bugsquad => java

Aurelien Oudelet 2021-02-28 20:27:36 CET

CC: java => (none)

David Walser 2021-03-01 17:41:24 CET

Summary: batik new security issue CVE-2020-11987 (for mageia 7 ) => batik new security issue CVE-2020-11987
Blocks: 28479 => 26800

David Walser 2021-03-01 17:41:56 CET

Source RPM: batik-1.13-1.mga8.src.rpm => batik-1.10-1.mga7.src.rpm
Status comment: (none) => Fixed upstream in 1.14

David Walser 2021-03-01 17:44:14 CET

CC: mageia, security => (none)

Comment 2 Nicolas Lécureuil 2021-03-14 09:44:51 CET 
closing as dupplicate as we will adresse the 2 CVE in the same bugreport.

*** This bug has been marked as a duplicate of bug 26800 ***

Resolution: (none) => DUPLICATE
Status: NEW => RESOLVED

Comment 3 David Walser 2021-03-14 15:11:08 CET 
Wrong bug.

*** This bug has been marked as a duplicate of bug 28439 ***