Univention Bugzilla – Bug 51723
librsvg: Multiple issues (4.4)
Last modified: 2020-07-29 16:50:52 CEST
New Debian librsvg 2.40.21-0+deb9u1 fixes:

This update addresses the following issues:
 * SIGFPE is raised in box_blur_line function of rsvg-filter.c (CVE-2017-11464)
 * Resource exhaustion via crafted SVG file with nested patterns (CVE-2019-20446)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/librsvg_2.40.16-1.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/librsvg_2.40.21-0+deb9u1.dsc @@ -1,3 +1,12 @@ +2.40.21-0+deb9u1 [Wed, 22 Jul 2020 12:04:00 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * New upstream stable release. + * CVE-2019-20446: DoS via billion laughs attack. + * CVE-2017-11464: DoS via division-by-zero. + * Several crashes, leaks and rendering fixes. + * Revert some tests that fail due to slightly different text rendering + in stretch. + 2.40.16-1 [Mon, 13 Jun 2016 21:07:28 +0200] Michael Biebl <biebl@debian.org>: * New upstream release. <http://10.200.17.11/4.4-5/#6393518328468520218>
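Review bot: the new changelog entry describes CVE-2019-20446 as "DoS via billion laughs attack", while the bug's own summary of the same fix reads "Resource exhaustion via crafted SVG file with nested patterns"; the two descriptions should be aligned so the errata text and the package changelog can be matched without guesswork. The line "* Several crashes, leaks and rendering fixes." carries no upstream bug or commit references, so none of those fixes can be traced from the changelog alone; consider listing the upstream references next to it.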
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] fae7fb0d4c Bug #51723: librsvg 2.40.21-0+deb9u1
 doc/errata/staging/librsvg.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x664>