Wheezy update of librsvg?
Brian May
bam at debian.org
Wed May 11 23:50:46 UTC 2016
Hello,
I have patched librsvg to fix the security issues in librsvg in Debian
wheezy. As attached.
I note that security-tracker for CVE-2015-7558 says the patch
a51919f7e1ca9c535390a746fbf6e28c8402dc61 is "Too intrusive to backport",
which is the same patch that fixes CVE-2016-4347. As in in fixes the
problems with the given exploit.
(note I haven't found an exploit for CVE-2015-7558 yet so haven't been
able to positively prove that the patch does fix this just yet; I have a
suspicion that CVE-2015-7558 and CVE-2016-4347 might be the same issue
however)
commit a51919f7e1ca9c535390a746fbf6e28c8402dc61
Author: Benjamin Otte <otte at redhat.com>
Date: Wed Oct 7 08:45:37 2015 +0200
rsvg: Add rsvg_acquire_node()
This function does proper recursion checks when looking up resources
from URLs and thereby helps avoiding infinite loops when cyclic
references span multiple types of elements.
I had no problems backporting it. I did have to apply another patch
first:
commit 6cfaab12c70cd4a34c4730837f1ecdf792593c90
Author: Benjamin Otte <otte at redhat.com>
Date: Wed Oct 7 07:57:39 2015 +0200
state: Look up clip path lazily
As these patches applied cleanly (with a bit of fuzz) to librsvg in
Wheezy, I imagine they will apply equally as cleanly to librsvg in
Jessie. Hence the reason for CCing the security team.
Wheezy packages for testing are available here:
https://people.debian.org/~bam/debian/pool/main/libr/librsvg/
The patch is attached.
Any comments??
Thanks
--
Brian May <bam at debian.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: librsvg.patch
Type: text/x-diff
Size: 17336 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20160512/03c7ec46/attachment-0001.patch>
More information about the pkg-gnome-maintainers
mailing list