[SECURITY] [DLA 477-1] librsvg security update
Package : librsvg
Version : 2.36.1-2+deb7u2
CVE ID : CVE-2015-7558 CVE-2016-4347 CVE-2016-4348
(Note: CVE-2016-4347 is a duplicate of CVE-2015-7558.)

Gustavo Grieco found two denial-of-service issues in librsvg 2.40.2 when
parsing SVGs with circular definitions; both cause stack exhaustion.
The version in wheezy (2.36.1-2+deb7u1) is also vulnerable.

For Debian 7 "Wheezy", these problems have been fixed in version
2.36.1-2+deb7u2.

We recommend that you upgrade your librsvg packages.

- --
Brian May <bam@debian.org>
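
A pre-render check for the condition the advisory describes, written as an added example (not librsvg code and not part of the advisory). It assumes the circular definitions take the form of `href="#id"` or `url(#id)` reference cycles, which the advisory does not specify; the function names and the sample SVG are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
URL_REF = re.compile(r"url\(\s*['\"]?#([^'\")\s]+)")

# Constructed sample: two groups that instantiate each other.
CYCLIC_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <g id="a"><use xlink:href="#b"/></g>
  <g id="b"><use xlink:href="#a"/></g>
</svg>"""

def reference_targets(elem):
    """Yield the ids an element points at via href="#id" or url(#id)."""
    for name, value in elem.attrib.items():
        if name in ("href", XLINK_HREF) and value.startswith("#"):
            yield value[1:]
        else:
            yield from URL_REF.findall(value)

def label(elem):
    """Readable name for a node: its id, else its tag without namespace."""
    return elem.get("id") or elem.tag.split("}")[-1]

def find_reference_cycle(svg_text):
    """Return the ids/tags along the first cycle found, or None."""
    # Assumption: input size is bounded by the caller; ElementTree is not
    # a hardened parser for hostile XML.
    root = ET.fromstring(svg_text)
    by_id = {e.get("id"): e for e in root.iter() if e.get("id")}

    def successors(elem):
        yield from elem                      # containment edges
        for target in reference_targets(elem):
            if target in by_id:              # dangling references are ignored
                yield by_id[target]

    # Iterative depth-first search, so a deep document cannot exhaust
    # the checker's own stack.
    on_path, done = [root], set()
    stack = [successors(root)]
    while stack:
        nxt = next(stack[-1], None)
        if nxt is None:                      # node fully expanded
            done.add(on_path.pop())
            stack.pop()
        elif nxt in on_path:                 # back edge closes a cycle
            return [label(e) for e in on_path[on_path.index(nxt):]] + [label(nxt)]
        elif nxt not in done:
            on_path.append(nxt)
            stack.append(successors(nxt))
    return None
```

A check like this can reject or quarantine files before they reach a renderer that has not yet been upgraded; it does not replace installing the fixed package.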