Package "inkscape"

Name: inkscape


vector-based drawing program

Latest version:
Release: precise (12.04)
Level: updates
Repository: main
Homepage: http://www.inkscape.org/


Download "inkscape"

Other versions of "inkscape" in Precise

Repository Area Version
base main
security main


Version: 2013-01-30 17:07:04 UTC

  inkscape ( precise-security; urgency=low

  * SECURITY UPDATE: arbitrary file disclosure via XML external entity
    - debian/patches/CVE-2012-5656.patch: disable loading external entities
      in src/preferences-skeleton.h, src/ui/dialog/ocaldialogs.cpp,
    - CVE-2012-5656
  * SECURITY UPDATE: possible file loading from /tmp
    - debian/patches/CVE-2012-6076.patch: make sure filename is absolute
      in src/extension/implementation/script.cpp.
    - CVE-2012-6076
 -- Marc Deslauriers <email address hidden> Tue, 29 Jan 2013 13:39:18 -0500

CVE-2012-5656 The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML exter
CVE-2012-6076 inkscape reads .eps files from /tmp instead of the current directory

About   -   Send Feedback to @ubuntu_updates