1
PublicDateAtUSN: 2015-03-18
2
Candidate: CVE-2015-0250
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0250
6
http://seclists.org/oss-sec/2015/q1/864
7
https://usn.ubuntu.com/usn/usn-2548-1
9
XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG
10
conversion classes in Apache Batik 1.x before 1.8 allows remote attackers
11
to read arbitrary files or cause a denial of service via a crafted SVG
16
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780897
17
https://issues.apache.org/jira/browse/BATIK-1018
18
https://issues.apache.org/jira/browse/BATIK-1113
20
Discovered-by: Nicolas Gregoire and Kevin Schaller
24
upstream: https://svn.apache.org/viewvc?diff_format=h&view=revision&revision=1664335
25
upstream_batik: released (1.7+dfsg-5)
26
lucid_batik: ignored (reached end-of-life)
27
precise_batik: released (1.7.ubuntu-8ubuntu1.1)
28
trusty_batik: released (1.7.ubuntu-8ubuntu2.14.04.1)
29
utopic_batik: released (1.7.ubuntu-8ubuntu2.14.10.1)
30
devel_batik: released (1.7.ubuntu-8ubuntu3)