Package: librsvg / 2.40.5-1+deb8u2

Metadata

Package: librsvg
Version: 2.40.5-1+deb8u2
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
10_rsvg gz.patch

rsvg-gobject.c | 6 6 + 0 - 0 !
1 file changed, 6 insertions(+)

 revert abi breakage
 Provide the rsvg_handle_new_gz function.
 Do not provide the C prototype to force
 applications using it to use rsvg_handle_new instead.
20_rsvg_compat.patch

rsvg-convert.c | 27 23 + 4 - 0 !
1 file changed, 23 insertions(+), 4 deletions(-)

---
CVE 2015 7557.patch

rsvg-shapes.c | 14 13 + 1 - 0 !
1 file changed, 13 insertions(+), 1 deletion(-)

 bgo#738050 - handle the case where a list of coordinate pairs has an
 odd number of elements

Lists of points come in coordinate pairs, but we didn't have any checking for that.
It was possible to try to fetch the 'last' coordinate in a list, i.e. the y coordinate
of an x,y pair, that was in fact missing, leading to an out-of-bounds array read.

In that case, we now reuse the last-known y coordinate.

Fixes https://bugzilla.gnome.org/show_bug.cgi?id=738050

Signed-off-by: Federico Mena Quintero <federico@gnome.org>

CVE 2016 4348 state Store mask as reference.patch

rsvg-cairo-draw.c | 6 5 + 1 - 0 !
rsvg-mask.c | 17 0 + 17 - 0 !
rsvg-mask.h | 2 0 + 2 - 0 !
rsvg-styles.c | 12 8 + 4 - 0 !
rsvg-styles.h | 2 1 + 1 - 0 !
5 files changed, 14 insertions(+), 25 deletions(-)

 [patch] state: store mask as reference

Instead of immediately looking up the mask, store the reference and look
it up on use.

state Look up clip path lazily.patch

rsvg-cairo-draw.c | 56 34 + 22 - 0 !
rsvg-mask.c | 17 0 + 17 - 0 !
rsvg-mask.h | 2 0 + 2 - 0 !
rsvg-styles.c | 10 7 + 3 - 0 !
rsvg-styles.h | 2 1 + 1 - 0 !
5 files changed, 42 insertions(+), 45 deletions(-)

 [patch] state: look up clip path lazily


CVE 2015 7558_CVE 2016 4347 rsvg Add rsvg_acquire_node.patch

rsvg-base.c | 55 55 + 0 - 0 !
rsvg-cairo-draw.c | 15 11 + 4 - 0 !
rsvg-cairo-render.c | 1 1 + 0 - 0 !
rsvg-filter.c | 9 7 + 2 - 0 !
rsvg-private.h | 5 5 + 0 - 0 !
5 files changed, 79 insertions(+), 6 deletions(-)

 [patch] rsvg: add rsvg_acquire_node()

This function does proper recursion checks when looking up resources
from URLs and thereby helps avoid infinite loops when cyclic
references span multiple types of elements.