Register | Log in

librsvg

Choose email to subscribe with

general

source: librsvg (main)
version: 2.48.4+dfsg-1
maintainer: Debian GNOME Maintainers (archive) (DMD)
uploaders: Michael Biebl [DMD] – Tim Lunn [DMD] [DM] – Jeremy Bicha [DMD] – Laurent Bigonville [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 2.40.5-1+deb8u2
o-o-sec: 2.40.5-1+deb8u2
oldstable: 2.40.16-1
stable: 2.44.10-2.1
testing: 2.48.4+dfsg-1
unstable: 2.48.4+dfsg-1

versioned links

2.40.5-1+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.40.16-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.44.10-2.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.48.4+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-rsvg-2.0
librsvg2-2 (9 bugs: 0, 9, 0, 0)
librsvg2-bin (8 bugs: 0, 5, 3, 0)
librsvg2-common (3 bugs: 0, 3, 0, 0)
librsvg2-dev
librsvg2-doc

action needed

1 security issue in buster high

There is 1 open security issue in buster.

1 important issue:

CVE-2019-20446: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

Please fix it.

Created: 2020-02-02 Last update: 2020-05-17 06:04

2 security issues in stretch high

There are 2 open security issues in stretch.

1 important issue:

CVE-2019-20446: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

1 issue skipped by the security teams:

CVE-2017-11464: A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in GNOME librsvg 2.40.17 during an attempted parse of a crafted SVG file, because of incorrect protection against division by zero.

Please fix them.

Created: 2017-07-20 Last update: 2020-05-17 06:04

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2016-6163: The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in librsvg2 2.40.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted svg file.
CVE-2019-20446: In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.

Please fix them.

Created: 2016-07-06 Last update: 2020-05-17 06:04

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2018-11-03 Last update: 2018-11-03 22:18

news

[2020-05-17] librsvg 2.48.4+dfsg-1 MIGRATED to testing (Debian testing watch)
[2020-05-11] Accepted librsvg 2.48.4+dfsg-1 (source) into unstable (Simon McVittie)
[2020-05-05] Accepted librsvg 2.48.4-1 (source) into unstable (Olivier Tilloy) (signed by: Sebastien Bacher)
[2020-04-26] librsvg 2.48.3-1 MIGRATED to testing (Debian testing watch)
[2020-04-21] Accepted librsvg 2.48.3-1 (source) into unstable (Laurent Bigonville)
[2020-04-13] librsvg 2.48.2-1 MIGRATED to testing (Debian testing watch)
[2020-04-07] Accepted librsvg 2.48.2-1 (source) into unstable (Sebastien Bacher)
[2020-04-06] librsvg 2.48.0-2 MIGRATED to testing (Debian testing watch)
[2020-03-31] Accepted librsvg 2.48.0-2 (source) into unstable (Laurent Bigonville)
[2020-03-13] Accepted librsvg 2.48.0-1 (source) into experimental (Olivier Tilloy) (signed by: Sebastien Bacher)
[2020-03-02] Accepted librsvg 2.47.3-1 (source) into experimental (Olivier Tilloy) (signed by: Sebastien Bacher)
[2019-12-24] librsvg 2.46.4-1 MIGRATED to testing (Debian testing watch)
[2019-11-29] Accepted librsvg 2.46.4-1 (source) into unstable (Olivier Tilloy) (signed by: Sebastien Bacher)
[2019-10-07] Accepted librsvg 2.44.15-1 (source) into unstable (Simon McVittie)
[2019-08-14] librsvg 2.44.14-1 MIGRATED to testing (Debian testing watch)
[2019-08-14] librsvg 2.44.14-1 MIGRATED to testing (Debian testing watch)
[2019-08-12] Accepted librsvg 2.44.14-1 (source) into unstable (Simon McVittie)
[2019-05-01] librsvg 2.44.10-2.1 MIGRATED to testing (Debian testing watch)
[2019-04-28] Accepted librsvg 2.44.10-2.1 (source) into unstable (Boyuan Yang)
[2019-04-16] librsvg 2.44.10-2 MIGRATED to testing (Debian testing watch)
[2019-04-11] Accepted librsvg 2.44.10-2 (source) into unstable (Olivier Tilloy) (signed by: Iain Lane)
[2018-12-17] librsvg 2.44.10-1 MIGRATED to testing (Debian testing watch)
[2018-12-11] Accepted librsvg 2.44.10-1 (source) into unstable (Jeremy Bicha)
[2018-11-21] librsvg 2.44.9-1 MIGRATED to testing (Debian testing watch)
[2018-11-18] librsvg 2.44.8-3 MIGRATED to testing (Debian testing watch)
[2018-11-17] Accepted librsvg 2.44.9-1 (source) into unstable (Jeremy Bicha)
[2018-11-03] Accepted librsvg 2.44.8-3 (source) into unstable (Jeremy Bicha)
[2018-11-03] Accepted librsvg 2.44.8-2 (source) into experimental (Jeremy Bicha)
[2018-11-02] Accepted librsvg 2.44.8-1 (source) into experimental (Simon McVittie)
[2018-09-02] Accepted librsvg 2.44.2-1 (source) into experimental (Simon McVittie)

1
2

bugs [bug history graph]

all: 23 24
RC: 0
I&N: 18 19
M&W: 5
F&P: 0
patch: 0

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
l10n (-, 100)
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 2.48.4+dfsg-1
33 bugs (1 patch)

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing