Bug#869129: librsvg: CVE-2017-11464
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 20 18:47:09 UTC 2017
On Thu, Jul 20, 2017 at 08:37:30PM +0200, Salvatore Bonaccorso wrote:
> Please adjust the affected versions in the BTS as needed.

AFAICT, the problematic code has been introduced while "This replaces
the blurring machinery with a real gaussian blur for small radiuses,
and fixes box blurs for large radiuses." with upstream commit and
included in 2.40.9. So jessie is not affected.

Please double-check.

Regards,
Salvatore

p.s.: adjusted severity, grave is not warranted here IMHO, and was an
error on my side while filing the bug. OTOH I have no access to
the upstream bug which might contain more relevant information.