UbuntuUpdates.org

Package "librsvg"

Name: librsvg

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • command-line utility to convert SVG files

Latest version: 2.52.5+dfsg-3ubuntu0.2
Release: jammy (22.04)
Level: security
Repository: universe

Links



Other versions of "librsvg" in Jammy

Repository Area Version
base main 2.52.5+dfsg-3
base universe 2.52.5+dfsg-3
security main 2.52.5+dfsg-3ubuntu0.2
updates main 2.52.5+dfsg-3ubuntu0.2
updates universe 2.52.5+dfsg-3ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.52.5+dfsg-3ubuntu0.2 2023-08-01 14:06:58 UTC

  librsvg (2.52.5+dfsg-3ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Arbitrary file read when xinclude href has special
    characters
    - debian/patches/CVE-2023-38633.patch: validate URLs in
      include/librsvg/rsvg.h, src/error.rs, src/lib.rs,
      src/url_resolver.rs, tests/*.
    - CVE-2023-38633
  * Don't fail the build on tests error for i386 (LP: #1976259)

 -- Marc Deslauriers <email address hidden> Fri, 28 Jul 2023 08:55:53 -0400

1976259 librsvg ftbfs in the jammy release pocket
CVE-2023-38633 A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local



About   -   Send Feedback to @ubuntu_updates