| Release | Version |
|---|---|
| stretch | 1.8-4+deb9u2 |
| stretch (security) | 1.8-4+deb9u1 |
| buster | 1.10-2+deb10u1 |
| bullseye | 1.12-4 |
| bookworm | 1.14-1 |
| sid | 1.14-1 |
| Bug | stretch | buster | bullseye | bookworm | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2020-11987 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | Apache Batik 1.13 is vulnerable to server-side request forgery, caused ... |
| Bug | Description |
|---|---|
| CVE-2019-17566 | Apache Batik is vulnerable to server-side request forgery, caused by i ... |
| CVE-2018-8013 | In Apache Batik 1.x before 1.10, when deserializing subclass of `Abstr ... |
| CVE-2017-5662 | In Apache Batik before 1.9, files lying on the filesystem of the serve ... |
| CVE-2015-0250 | XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) ... |
| CVE-2005-0508 | Unknown vulnerability in Squiggle for Batik before 1.5.1 allows attack ... |
| DSA / DLA | Description |
|---|---|
| DSA-4215-1 | batik - security update |
| DLA-1385-1 | batik - security update |
| DLA-926-1 | batik - security update |
| DSA-3205-1 | batik - security update |
| DLA-182-1 | batik - security update |