| Summary: | <gnome-base/librsvg-2.34.1: Node Type Handling Vulnerability (CVE-2011-3146) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | gnome |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/45877/ | | |
| Whiteboard: | B3 [noglsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2011-09-09 14:46:27 UTC
+*librsvg-2.34.1-r1 (09 Sep 2011) +*librsvg-2.34.1 (09 Sep 2011) + + 09 Sep 2011; Pacho Ramos <pacho@gentoo.org> -librsvg-2.34.0-r1.ebuild, + +librsvg-2.34.1.ebuild, +librsvg-2.34.1-r1.ebuild: + Version bump, remove old. +

-> 2.34.1 is the candidate to stabilize as it doesn't need gtk3 yet

Thanks, Pacho. Arches, please test and mark stable:
=gnome-base/librsvg-2.34.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"

Archtested on x86: Everything fine

amd64 ok

Stable for HPPA.

amd64/arm/x86 stable, thanks JD and Agostino

alpha/ia64/sh/sparc stable

ppc/ppc64 stable, last arch done

Thanks, everyone. GLSA Vote: no (assuming this really isn't exploitable for anything other than a DoS).

Vote: NO. Closing noglsa.

CVE-2011-3146 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3146): librsvg before 2.34.1 uses the node name to identify the type of node, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference) and possibly execute arbitrary code via a SVG file with a node with the element name starting with "fe," which is misidentified as a RsvgFilterPrimitive.
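
The flaw the CVE text describes, modeled as an added example (not librsvg source and not part of this bug report): a check that infers the node type from the "fe" name prefix accepts an unknown element, while a check on a parser-assigned type tag rejects it before the downcast. All type and function names are hypothetical, and the element `feBogus` is a constructed sample.

```c
/* Added example: a simplified model, not librsvg source. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

typedef enum { NODE_OTHER, NODE_FILTER_PRIMITIVE } NodeType;

typedef struct {
    const char *name;  /* element name, taken from the untrusted SVG */
    NodeType type;     /* tag assigned once by the parser */
} Node;

typedef struct {
    Node base;            /* must stay first so a Node* can be downcast */
    int (*render)(void);  /* exists only in real filter primitives */
} FilterPrimitive;

static int blur_render(void) { return 1; }

/* Only element names in this table are built as FilterPrimitive objects. */
static const char *const known_primitives[] = { "feGaussianBlur", "feOffset", "feFlood" };

Node make_node(const char *name) {
    Node n = { name, NODE_OTHER };
    for (size_t i = 0; i < sizeof known_primitives / sizeof *known_primitives; i++)
        if (strcmp(name, known_primitives[i]) == 0) n.type = NODE_FILTER_PRIMITIVE;
    return n;
}

/* Weak check: infers the type from the name prefix, as the CVE text describes. */
int is_primitive_by_name(const Node *n) { return strncmp(n->name, "fe", 2) == 0; }

/* Hardened check: relies only on the tag set at construction. */
int is_primitive_by_type(const Node *n) { return n->type == NODE_FILTER_PRIMITIVE; }

/* Downcasts and renders only when the supplied check accepts the node; -1 = skipped. */
int render_child(const Node *n, int (*check)(const Node *)) {
    if (!check(n)) return -1;
    return ((const FilterPrimitive *)n)->render();
}

int main(void) {
    Node bogus = make_node("feBogus");  /* constructed sample: unknown "fe" element */
    FilterPrimitive blur = { make_node("feGaussianBlur"), blur_render };
    printf("feBogus: by_name=%d by_type=%d\n",
           is_primitive_by_name(&bogus), is_primitive_by_type(&bogus));
    printf("render feBogus (type check): %d\n", render_child(&bogus, is_primitive_by_type));
    printf("render feGaussianBlur: %d\n", render_child(&blur.base, is_primitive_by_type));
    return 0;
}
```

The example never passes `feBogus` through the name-based check into `render_child`, because that path would treat a plain `Node` as a `FilterPrimitive` and read a function pointer that was never there.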