From $URL:
An XML eXternal Entity (XXE) flaw was found in the way Inkscape, a vector-based drawing program using SVG as its native file format, performed rasterization of certain SVG images. A remote attacker could provide a specially-crafted SVG image that, when opened in Inkscape, would lead to arbitrary local file disclosure or denial of service.
References:
[1] https://bugs.launchpad.net/inkscape/+bug/1025185
[2] http://www.openwall.com/lists/oss-security/2012/12/17/6
[3] https://bugzilla.novell.com/show_bug.cgi?id=794958
Reproducer:
[4] https://bugs.launchpad.net/inkscape/+bug/1025185/comments/1
Feel free to stabilize 0.48.4 which should contain a fix for the issue.
Arches, please test and mark stable: =media-gfx/inkscape-0.48.4
Target keywords: "amd64 hppa ppc ppc64 x86"
amd64 stable
ppc stable
ppc64 stable
Stable for HPPA.
x86 stable
Vulnerable version removed, please vote
GLSA vote: no.
GLSA Vote: no, too. Closing noglsa.