[SECURITY] [DLA 3376-1] svgpp security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3376-1] svgpp security update
From: Anton Gladky <gladk@debian.org>
Date: Sat, 1 Apr 2023 18:15:18 +0200
Message-id: <[🔎] 20230401161722.EA68B4A02B0@localhost.localdomain>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3376-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                         Anton Gladky
March 31, 2023                                https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : svgpp
Version        : 1.2.3+dfsg1-6+deb10u1
CVE ID         : CVE-2019-6245 CVE-2019-6247 CVE-2021-44960

Multiple security issues were discovered in svgpp: a C++ library for parsing and
rendering Scalable Vector Graphics (SVG) files.

CVE-2021-44960
   The XMLDocument::getRoot function in the renderDocument function handled the
   XMLDocument object improperly. Specifically, it returned a null pointer
   prematurely at the second if statement, resulting in a null pointer
   reference behind the renderDocument function.

CVE-2019-6245 and CVE-2019-6247:
   issues were discovered in Anti-Grain Geometry (AGG) within the function
   agg::cell_aa::not_equal. Since svgpp is a header-only library, the issue is
   only transitive in theory. As a result, only a dependency version hardening
   has been added to the control file.

For Debian 10 buster, these problems have been fixed in version
1.2.3+dfsg1-6+deb10u1.

We recommend that you upgrade your svgpp packages.

For the detailed security status of svgpp please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/svgpp

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEu71F6oGKuG/2fnKF0+Fzg8+n/wYFAmQoWJMACgkQ0+Fzg8+n
/wb9exAAl1LsKmtRibU1i6ffoQQkdzYr++yGd/4HP6IgU6DGn7/1mWMZOI5sRqVr
Xf7/aIO/E90LhflKQlLD9U/CIVRv1I8IoOnx+FzgO04sbAhgStE95BK8G2ecWQFj
f2oSFEnLcpS3V1Axad5WQGTfzphKCUMbN9o3McFvirhYQIPyKTGQrf0OopYK/bYA
SHNLuIP4MpasTcdjCpEXWCO6HqM7hhRYxxKf5oWhJtCuP3WfIL2P5sdrYr4ZevSj
8snonvzqK4DCLIDy/N0XIwDuKfotFl9h42fmqJbHKNdBu1jaLYL8xqkgu6/NyvTf
MiqJRA/JS3AG1yYv58R0/tOmJcIigCbSFE3TPvHSLmVeIAMQdfdVaS1Nq/NO5405
/ouj4lQhFSklh5WkhnJQp9F9tA/dICTMGcoY8OZUhY07Jp3OPHqOCIXC1+q2gwd2
baBTiUNE0rVs726mLZoghKnGNugsWSCOjLJWDq5zAXlWo6XCzEwkwEZR5Ge8wATd
i69ZORt5O5DsPmfFSGpKyplr/VAmgHrUzUxusiNcpBTVJ6Ips4jGRZ8u6VRh6+dE
5Lsqg3CZo9YGnnH/kmOLni7iBb4pbml97MmjG90QH8q2QaAgQ/32S5v756dBSWdc
uXX2Yh29CxXOnhdEsgzcnkIrbNfzXgjBKX1X4ucFA9UlZyxZAxI=
=Ogx9
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3379-1] intel-microcode security update
Next by Date: [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)
Previous by thread: [SECURITY] [DLA 3379-1] intel-microcode security update
Next by thread: [SECURITY] [DLA 3380-1] firmware-nonfree LTS new upstream version (security updates and newer firmware for Linux 5.10)
Index(es):
- Date
- Thread