-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : librsvg Version : 2.36.1-2+deb7u2 CVE ID : CVE-2015-7558 CVE-2016-4347 CVE-2016-4348
(Note CVE-2016-4347 is a duplicate of CVE-2015-7558) Two DoS in librsvg 2.40.2 parsing SVGs with circular definitions were found (they will produce stack exhaustion) by Gustavo Grieco. The version in wheezy (2.36.1-2+deb7u1) is also vulnerable. For Debian 7 "Wheezy", these problems have been fixed in version 2.36.1-2+deb7u2. We recommend that you upgrade your librsvg packages. - -- Brian May <[email protected]> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXO58qAAoJEBeEV3+BH26svdAP/RZSQW8DoHDKPGtfaGmdPbmL geX2flUOGm/2uTYyz8kq1sjtTtnmY8UT40tbQY8VyWGDQF7tVDzC39pco15miN+f yR8Q+GzilvforjjCAgRpGO/jgr4xgq39GHke7vlAElC0Qt7RObOth8e1mI+bgylk ztNSNLtCVI8OiX7lFXo+shgIx6ajLNf5Xw8smas+l4nwKjvQ3hJaYfvv1L0Pw7GY 6Kc8+SWHHPv52wK3GDOAY/D9zWPh2SjJw12E8CgsLbBIs7gXluXoOH8nBYhnpevI GetBz94ONm0AYxWgWvqGdydskmglEaSLs6UwZFrSauBOZPXXrxRNdpq3HwRwmQ2K qgiJiZ/6mD/vP80Rx11EhnY3hW46N8sv8/W9ggNch73EjSt7FeBa5UXu4hqdPyQy 3PE2T3tARdn+uBM2Su1zokbE7JtixxHq4zdbAfwSEsOHUMEp0VkdB5haQWKBojgq LhQv1m05MWG2nu/2OQa2VJT9XaRpJXQ/3iHtm03kHS+Dw3UiZX1/3lYvqIrVGfkp +iFB5cf5JNKkfpNFePB8Rb9BkRqggmIkEiunucK+UVXpy6UjnHuWDRsyhGt0L2NE 3eHshjfjtfV6S5Y2sY0uI7TN7DLibkVywz+BWYfVT/UEyJwSQQkJZcvPBykcOHkl eAQA+EOptxBF525RyrVd =Osyf -----END PGP SIGNATURE-----
