Publishing details
Changelog
librsvg (2.48.9-1ubuntu0.20.04.4) focal-security; urgency=medium
* SECURITY UPDATE: Arbitrary file read when xinclude href has special
characters
- debian/patches/CVE-2023-38633.patch: validate URLs in
librsvg/rsvg-handle.c, rsvg_internals/src/allowed_url.rs,
rsvg_internals/src/filters/component_transfer.rs, tests/*.
- debian/patches/fix_old_rust_compat.patch: fix compatibility with
older rust versions in rsvg_internals/src/allowed_url.rs.
- CVE-2023-38633
* Don't fail the build on tests error for i386
-- Marc Deslauriers <email address hidden> Fri, 28 Jul 2023 08:56:58 -0400
Builds
Built packages
-
gir1.2-rsvg-2.0
gir files for renderer library for SVG files
-
librsvg2-2
SAX-based renderer library for SVG files (runtime)
-
librsvg2-2-dbgsym
debug symbols for librsvg2-2
-
librsvg2-bin
command-line utility to convert SVG files
-
librsvg2-bin-dbgsym
debug symbols for librsvg2-bin
-
librsvg2-common
SAX-based renderer library for SVG files (extra runtime)
-
librsvg2-common-dbgsym
debug symbols for librsvg2-common
-
librsvg2-dev
SAX-based renderer library for SVG files (development)
-
librsvg2-doc
SAX-based renderer library for SVG files (documentation)
Package files