Bug 23081 - batik new security issues CVE-2017-5662 and CVE-2018-8013
Status: RESOLVED OLD
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: Java Stack Maintainers
QA Contact: Sec team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-05-24 13:31 CEST by David Walser
Modified: 2019-11-06 13:28 CET
Source RPM: batik-1.9-5.mga7.src.rpm

Description David Walser 2018-05-24 13:31:11 CEST
Apache has issued an advisory on May 23:
http://openwall.com/lists/oss-security/2018/05/23/1

The issue is fixed upstream in 1.10.

Mageia 5 and Mageia 6 are also affected.

David Walser 2018-05-24 13:31:19 CEST

Whiteboard: (none) => MGA6TOO

Comment 1 David Walser 2018-06-08 22:12:46 CEST
Debian has issued an advisory for this on June 2:
https://www.debian.org/security/2018/dsa-4215

David Walser 2018-06-08 22:13:19 CEST

Summary: batik new security issue CVE-2018-8013 => batik new security issues CVE-2017-5662 and CVE-2018-8013

Comment 2 David Walser 2018-06-08 22:27:26 CEST
Ubuntu has issued an advisory for this on May 29:
https://usn.ubuntu.com/3661-1/

Comment 3 David Walser 2018-06-10 20:18:19 CEST
It looks like CVE-2017-5662 was fixed in 1.9, so Cauldron isn't affected.

Fedora has issued an advisory for this on June 9:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/5APJ7EBU6J7ETWEQ2NZHGZVGT6CNS2BL/

Comment 4 David Walser 2019-01-01 04:49:59 CET
batik-1.10-1.mga7 uploaded for Cauldron by David Geiger.

Version: Cauldron => 6
Whiteboard: MGA6TOO => (none)

Comment 5 Mike Rambo 2019-11-06 13:28:12 CET
Mageia 6 is EOL.

Resolution: (none) => OLD
CC: (none) => mrambo
Status: NEW => RESOLVED