From https://bugzilla.redhat.com/show_bug.cgi?id=1331725:

A denial of service flaw was found in the way the librsvg2 library parsed SVG files. A specially crafted SVG file with circular definitions could cause an application using librsvg2 to crash. This flaw is in the _rsvg_css_normalize_font_size() function.

Reference (including reproducer): http://seclists.org/oss-sec/2016/q2/161

From https://bugzilla.redhat.com/show_bug.cgi?id=1331724:

A denial of service flaw was found in the way the librsvg2 library parsed SVG files. A specially crafted SVG file with circular definitions could cause an application using librsvg2 to crash. This flaw is in the rsvg_cairo_pop_discrete_layer(), rsvg_cairo_pop_render_stack(), and rsvg_cairo_generate_mask() functions.

Reference (including reproducer): http://seclists.org/oss-sec/2016/q2/161

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
*** Bug 582410 has been marked as a duplicate of this bug. ***
All should be solved in .15 version: http://seclists.org/oss-sec/2016/q2/175
Stable for HPPA PPC64.
amd64 stable
x86 stable
arm stable
Stable on alpha.
ppc stable
sparc stable
ia64 stable. Maintainer(s), please cleanup. Security, please vote.
Please clean version 2.40.11 so we can close this. GLSA Vote: No
Please clean vulnerable version from tree.
Cleanup PR: https://github.com/gentoo/gentoo/pull/3395
(In reply to Thomas Deutschmann from comment #13)
> Cleanup PR: https://github.com/gentoo/gentoo/pull/3395

Could have just poked me on IRC about it or something. PRs for removals are rather useless, especially for people who don't fully embrace GH workflow. I'd have to add a remote just for some git rm's, instead of just telling what to remove, of course that'd keep authorship, but...

Anyhow, removed now. Note that your PR failed to remove a now stale patch, so I ignored the PR, feel free to close that separately as obsolete or whatever is appropriate there.
Cleanup via 3a8123f9e813cdc722aed971c6a8fdfea313e13c @ Maintainer(s): Thank you!