#18327 closed enhancement (fixed)
librsvg-2.56.3
| Reported by: | Douglas R. Reno | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version
Change History (6)
comment:1 by , 3 years ago
| Priority: | normal → elevated |
|---|
comment:3 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:4 by , 3 years ago
The security vulnerability has been assigned CVE-2023-38633, and a proof-of-concept is in the Github issue that reads /etc/passwd: https://gitlab.gnome.org/GNOME/librsvg/-/issues/996
comment:5 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at a2ada4045db8c85cdcfc71c1802cdee3adb20ffa
SA-11.3-063 issued.
Note:
See TracTickets
for help on using tickets.
Version 2.56.3
This is a security release for bug
#996.#996- Fix arbitrary file read when href has special characters.#998- Fix cascade for symbol elements being referenced from use elements.