This bug was fixed in the package librsvg - 2.52.5+dfsg-3ubuntu0.2
---------------
librsvg (2.52.5+dfsg-3ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: Arbitrary file read when xinclude href has special
characters
- debian/patches/CVE-2023-38633.patch: validate URLs in
include/librsvg/rsvg.h, src/error.rs, src/lib.rs,
src/url_resolver.rs, tests/*.
- CVE-2023-38633
* Don't fail the build on tests error for i386 (LP: #1976259)
-- Marc Deslauriers <[email protected]> Fri, 28 Jul 2023
08:55:53 -0400
** Changed in: librsvg (Ubuntu)
Status: Triaged => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-38633
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to librsvg in Ubuntu.
https://bugs.launchpad.net/bugs/1976259
Title:
librsvg ftbfs in the jammy release pocket
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/1976259/+subscriptions
--
desktop-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
