Bug#724741: librsvg: CVE-2013-1881
Raphael Geissert
geissert at debian.org
Thu Nov 28 13:29:16 UTC 2013
Control: tag -1 patch
Hi,
Attached CVE-2013-1881* patches apply to librsvg in squeeze, with only
a partial origin policy (it ignores the location in the local fs).
Upstream's librsvg patches apply clean to the version in wheezy,
except that the gtk+3.0 patch needs some tweaks;
use_data_uris_for_symbolic_icons.patch does the same for the version
in wheezy.
Could you please prepare packages for O/SPU and coordinate with the
release team?
TIA.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2013-1881.policy.patch
Type: text/x-patch
Size: 2891 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20131128/2c1d2181/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2013-1881.xmlentities.patch
Type: text/x-patch
Size: 1184 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20131128/2c1d2181/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: use_data_uris_for_symbolic_icons.patch
Type: text/x-patch
Size: 1559 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20131128/2c1d2181/attachment-0002.bin>
More information about the pkg-gnome-maintainers
mailing list