
[SECURITY] [DLA 477-1] librsvg security update




Package        : librsvg
Version        : 2.36.1-2+deb7u2
CVE ID         : CVE-2015-7558 CVE-2016-4347 CVE-2016-4348

(Note CVE-2016-4347 is a duplicate of CVE-2015-7558)

Gustavo Grieco found two denial-of-service issues in librsvg 2.40.2:
parsing SVGs with circular definitions produces stack exhaustion.

The version in wheezy (2.36.1-2+deb7u1) is also vulnerable.

For Debian 7 "Wheezy", these problems have been fixed in version
2.36.1-2+deb7u2.

We recommend that you upgrade your librsvg packages.
-- 
Brian May <bam@debian.org>

