Bug#819243: jessie-pu, wheezy-pu: package librsvg/2.40.5-1 and librsvg/2.36.1-2
Santiago Ruano Rincón
santiagorr at riseup.net
Fri Mar 25 13:49:20 UTC 2016
Package: release.debian.org
Severity: normal
Tags: jessie, wheezy
User: release.debian.org at packages.debian.org
Usertags: pu
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi,
Please consider the following debdiffs to fix librsvg's CVE-2015-7557
for Jessie and Wheezy. This is a no-dsa bug, that could fit a point
release. It applies the following simple patch, that upstream proposed
against 2.40.6.
https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df
The patch was also applied in squeeze-lts.
Thanks,
Santiago
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJW9UHYAAoJEN5v/bjI1ki9aUAQAKBpOevzSdKuCDOpUAmTqZz8
6QN45GPNN8aS7ipPOlvJCAzCMQtI66TDzJs86JsWGH+f4SWaPnNi3StMKAg8oYVV
q3iH5sBMo11znbAyhZdp9JmgKwtp5EYMQfc7H8l7fTcokVzMdhi4Eabc3Mzy/hEl
XYPQ6o3ZkssOuRlQC1csWytrgyc7zGd4Vy5EfeGyVXmOFGYmwPZt2FytPO+xFT4B
03k4a1BF+JtubUgL6L/4c6zcJznTo143QKeYq7A1oPo5S4zFcXysw/0PqcEINZEl
A99lQ+Yy4QDOVIqOwckm5yGKsOUMmY+W6fGoCtBYgSYhIKGEcuAjpx5ceUhBkGA9
MvyOqsu3n7F2dPoEJcwaugU0qEuPu2BcZ3Wv2Wqpe6RxbyuJpMUrZtwvXJKrimMK
OY/ckfED3gjXJDyzLZK7pcH6YOGagwbHRiYgvh+Y96xxYk/lw0HH6QvBINaLBoeU
PWjMrKUS2JBJtxwbwgPUTjoJJY5YpTVtGG5Z5NvqFFeKWJECzFhb5avRorp540oz
0uTVCwBlHA6HbXNYfoa7d+0uhWdzwSxtdpNROEu05KDrkcirDsofxGW6gAbeh94z
BbGbhZiJWXXGq1WKkG3VIoUoZFOmNj2HSe7ixjLfZKDG0iMR/2RflgOSv7AF/O7B
Ux9JBz+B6YIMk8JcyeSD
=RZdT
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: librsvg_2.40.5-1+deb8u1.debdiff
Type: text/x-diff
Size: 2991 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20160325/abe80d0d/attachment.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: librsvg_2.36.1-2+deb7u1.debdiff
Type: text/x-diff
Size: 3011 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20160325/abe80d0d/attachment-0001.diff>
More information about the pkg-gnome-maintainers
mailing list