Univention Bugzilla – Bug 55193
librsvg: Multiple issues (5.0)
Last modified: 2022-09-13 17:50:22 CEST
New Debian librsvg 2.44.10-2.1+deb10u3 fixes:
This update addresses the following issue:
* Resource exhaustion via crafted SVG file with nested patterns (CVE-2019-20446)
--- mirror/ftp/pool/main/libr/librsvg/librsvg_2.44.10-2.1.dsc +++ apt/ucs_5.0-0-errata5.0-2/source/librsvg_2.44.10-2.1+deb10u3.dsc @@ -1,3 +1,21 @@ +2.44.10-2.1+deb10u3 [Sun, 20 Sep 2020 21:21:54 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * nalgebra-borrow-mutable-immutable.patch: + - Update checksum for cg.rs. + * cssparser-dont-assign-to-borrowed-variable.patch: + - Fix another build failure with rustc 1.41. + +2.44.10-2.1+deb10u2 [Sun, 20 Sep 2020 10:48:42 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * nalgebra-borrow-mutable-immutable.patch: fix build with rustc 1.41. + * Don-t-drop-nodes-recursively-to-avoid-stack-over.patch: fix stack + exhaustion due to recursion when freeing nodes, which caused FTBFS + on ppc64el and s390x with the newly introduced tests for CVE-2019-20446. + +2.44.10-2.1+deb10u1 [Wed, 22 Jul 2020 13:11:57 +0200] Emilio Pozuelo Monfort <pochu@debian.org>: + + * CVE-2019-20446: DoS via billion laughs attack. + 2.44.10-2.1 [Thu, 25 Apr 2019 15:55:18 -0400] Boyuan Yang <byang@debian.org>: * Non-maintainer upload. <http://piuparts.knut.univention.de/5.0-2/#8796638996583847140>
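Review bot: the 2.44.10-2.1+deb10u1 entry records the CVE-2019-20446 fix only as "DoS via billion laughs attack" and names no patch file, unlike the deb10u2 and deb10u3 entries, which name each patch they touch; naming the patch there would let the fix be audited from the changelog alone. In the deb10u2 entry, Don-t-drop-nodes-recursively-to-avoid-stack-over.patch is described as fixing stack exhaustion from recursion when freeing nodes, but it is justified only by the FTBFS on ppc64el and s390x with the new CVE-2019-20446 tests. Since those test inputs triggered it, the erratum text should state whether this second exhaustion path is covered by the CVE-2019-20446 description or needs its own line.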
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-2] 5e0dbee754 Bug #55193: librsvg 2.44.10-2.1+deb10u3
 doc/errata/staging/librsvg.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x417>