-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 22 Jul 2020 12:04:00 +0200 Source: librsvg Architecture: source Version: 2.40.21-0+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Emilio Pozuelo Monfort <pochu@debian.org> Changes: librsvg (2.40.21-0+deb9u1) stretch-security; urgency=medium . * New upstream stable release. * CVE-2019-20446: DoS via billion laughs attack. * CVE-2017-11464: DoS via division-by-zero. * Several crashes, leaks and rendering fixes. * Revert some tests that fail due to slightly different text rendering in stretch. Checksums-Sha1: 3762ff3320155c521e42734d00d89efdf342ee39 2783 librsvg_2.40.21-0+deb9u1.dsc 063d1ca696633d43c462e1ca3e8be3145559d954 1655860 librsvg_2.40.21.orig.tar.xz 7f451bb7499bfbc3ae445df97eb4bbce9760c92e 42376 librsvg_2.40.21-0+deb9u1.debian.tar.xz b09b03e227d23b6b89b55d49983288a520a83afc 6022 librsvg_2.40.21-0+deb9u1_source.buildinfo Checksums-Sha256: dbca72cff23e15aa52cc89dd01b73963de49ed73bc90bb9c5b77e43dbebb2e61 2783 librsvg_2.40.21-0+deb9u1.dsc f7628905f1cada84e87e2b14883ed57d8094dca3281d5bcb24ece4279e9a92ba 1655860 librsvg_2.40.21.orig.tar.xz e243444bfaee53567280da02d0a490e1990601aa85a69615b56635ffd25ad283 42376 librsvg_2.40.21-0+deb9u1.debian.tar.xz 7c0b8d6ef3bf4ee82303de0327e1b2a5d47f2718dc1078b5ed1f99b62548f75d 6022 librsvg_2.40.21-0+deb9u1_source.buildinfo Files: 86dc803567ea985e9c0657cb9a0871b4 2783 libs optional librsvg_2.40.21-0+deb9u1.dsc 66df60ef1909d6e24df8244042422a98 1655860 libs optional librsvg_2.40.21.orig.tar.xz 55ffa1c06c4a19a3f9e078afc0410e5f 42376 libs optional librsvg_2.40.21-0+deb9u1.debian.tar.xz b43c5538a2166d994e780c301ed69360 6022 libs optional librsvg_2.40.21-0+deb9u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl8YD+8ACgkQnUbEiOQ2 gwIEBQ//Tnv6cyLWfW4F7FvjPQzKKK7NA3KYSHe0MRE1AfgFCsDCbsh1+bMxHWwt ZrJdlAxe2p3IjPKCvg48CkdVYViea4OAujYjklTVCh3+JJ/YKR1giCfBD4gmcinp 1SLH802a4b8I49eO2KRU7HORW02TYT4V7KwJElfCxW+FoRmC+eA2G0XU+Iz/EiDT j0CQ6eURPHRC6q77XKC/fAval0xrS5tW/Mb/ujxCvUjYmSfzwd7gXls/3Gl0h0bU 3EHr6H40PbtOJzLXPQb2SVTaoLG2c5V3UkbKpKU0qpE+YWbguVVBYpSuyvNWG2pU ABS+YrcnXgQaFmKDxDoE4deCOn+rBSmaxe6NvKlVhxUhk5gw8OVV7s3uXfbnr8jt C3V7ksI8+TMG2AvFkbBa8wP2awpUakm21n+y9ah0XPl/5bEm+xTAYbXAYfrx8NST rCqxF4DzuNTSynKijO6iZpPVWuYPiIW1u+toAvgGpJoltDGdACLlrTv1sERAp3JV MJ8bsBGfyRzKd9hSnbDUQUp4LG7KKr82qN0pa9Hxf2tuDmWG3eybW/wHKI3vE63c N6ggC935Wpp0vpKQU7HMtHC7gVGR+4+GGcIUBoVyooh8/N+B4vfsQv6nR/Egnmzj ffgsO/+IDYFp/HnashkyD6Hak0QseujkLQipUdiBrQR3MjJP2sM= =G296 -----END PGP SIGNATURE-----