-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 21 Jul 2017 10:18:29 +0200 Source: librsvg Binary: librsvg2-dev librsvg2-2 librsvg2-common librsvg2-doc librsvg2-bin gir1.2-rsvg-2.0 Architecture: source Version: 2.40.18-1 Distribution: unstable Urgency: medium Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org> Changed-By: Emilio Pozuelo Monfort <pochu@debian.org> Description: gir1.2-rsvg-2.0 - gir files for renderer library for SVG files librsvg2-2 - SAX-based renderer library for SVG files (runtime) librsvg2-bin - command-line and graphical viewers for SVG files librsvg2-common - SAX-based renderer library for SVG files (extra runtime) librsvg2-dev - SAX-based renderer library for SVG files (development) librsvg2-doc - SAX-based renderer library for SVG files (documentation) Closes: 869129 Changes: librsvg (2.40.18-1) unstable; urgency=medium . * New upstream release. + Fixes CVE-2017-11464: division by zero caused when parsing especially crafted SVG files. Closes: #869129. * librsvg2-common.install: install the thumbnailer spec file. It goes in the pixbuf loader package (-common) as it can't be used without it. Checksums-Sha1: f7844df281e8cd5caabacb42f43f269e1f13d76d 2795 librsvg_2.40.18-1.dsc 7b2ef7dd55daae92a0b8fcb0a8b42aeb5246afa9 574384 librsvg_2.40.18.orig.tar.xz e2d05147490465f6c73c17f2e5f2ee278b7e7d8e 14464 librsvg_2.40.18-1.debian.tar.xz ddcf85a5cc0e9d70c921530841781176c02088b9 12948 librsvg_2.40.18-1_source.buildinfo Checksums-Sha256: 7667f59db269b54ddb44e435a6e4b69139f62ea59c0e32dd81a18139eddd9d19 2795 librsvg_2.40.18-1.dsc bfc8c488c89c1e7212c478beb95c41b44701636125a3e6dab41187f1485b564c 574384 librsvg_2.40.18.orig.tar.xz 29b5747a7208268ceed3ccd5432b2379ee5937ba3fce4fbb1d41ffbf7de3f792 14464 librsvg_2.40.18-1.debian.tar.xz 34550622dc87e0701f7e5410f9e3ec59ad86e5b3dfbd939a9b25d89e99e971d1 12948 librsvg_2.40.18-1_source.buildinfo Files: 30818a519ab31aacc09ca231880e4056 2795 libs optional librsvg_2.40.18-1.dsc eaa5c8a8bbe2600ab5194c0d3b1b621b 574384 libs optional librsvg_2.40.18.orig.tar.xz 2e93141fbd087bf30470cbd733b29576 14464 libs optional librsvg_2.40.18-1.debian.tar.xz aef911d53564ac8be0a0b54651aa2d2e 12948 libs optional librsvg_2.40.18-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAllxvMQACgkQnUbEiOQ2 gwKzdxAAzS1Cjsk88rjXoPJ7BPKQAnexFe/n/BgEpEh6z6aZPd9kim/Kt28yjRgN QlYABUG9Uqy3cG8HuYmcl84yVIpgEXgJUTqx30GpoNalCqB8X4Mi+tS6frs7qZj0 CMirDnlRrcOee7R23GGeFz39Ajcr5FdjVSkT2Zbor6EiS4zDfuLcaRwYxm8hHA7Y uQ031Ck9vk0RZ2+4JNsCEnuzJ9xbyxxwK1b+ZjiixYmMeoOEfyjgfSCChHGXvNtI ZUy9XC+bCQkXEJvAl6q85cdsj9/pJDg/6b2gC0naHJa0iUnoa03qPBeeouADkhI0 cS1ZwfAJshPvCfnU/m22r/BRJGWOZKYkrzFum+UQkvIBrcdcSvQ6fj6S+ZKo/omn Kegmm2C5qYBltn1BhLE32cqssyqHHciVPfUNNVmU3ofaziT0VvNdUCqQIb5kJNxx j5Lq5PF2ai6FWSzmiFx1g5BUI5tGNqo4w+VEJxKtnU90BFI8MKDid6Ks/c9HfoUU uc6DzAxyx6sb6ek+CSESS51QCJM8ytba6Pst0Nkd6IJ7nQKHygwR5QJAUuBh5FBT LS1Sk4mEnPDddsI08KIjefaM/N6bEEyCI5Gwoo7FgG74pHKYdaTjE1ea9JeJVjdB l0irnsMjsCHcoKvjQfWGywyG7Am54J5p5wlck3tRKE2Akdi8iS4= =YlDJ -----END PGP SIGNATURE-----
