Bug#853134: CVE-2017-5617: svgSalamander

2017-02-03 Thread Sebastiaan Couwenberg
On 02/02/2017 07:09 PM, Sebastiaan Couwenberg wrote: > On 02/02/2017 07:44 AM, Sebastiaan Couwenberg wrote: >> On 02/01/2017 10:08 AM, Bas Couwenberg wrote: >>> On 2017-02-01 09:35, Bas Couwenberg wrote: Including the JOSM developers (josm-...@openstreetmap.org) is also a good idea, they

Bug#853134: CVE-2017-5617: svgSalamander

2017-02-02 Thread Sebastiaan Couwenberg
On 02/02/2017 07:44 AM, Sebastiaan Couwenberg wrote: > Control: tags -1 pending > > On 02/01/2017 10:08 AM, Bas Couwenberg wrote: >> On 2017-02-01 09:35, Bas Couwenberg wrote: >>> Including the JOSM developers (josm-...@openstreetmap.org) is also a >>> good idea, they (and Vincent Privat in

Bug#853134: CVE-2017-5617: svgSalamander

2017-02-01 Thread Sebastiaan Couwenberg
Control: tags -1 pending On 02/01/2017 10:08 AM, Bas Couwenberg wrote: > On 2017-02-01 09:35, Bas Couwenberg wrote: >> Including the JOSM developers (josm-...@openstreetmap.org) is also a >> good idea, they (and Vincent Privat in particular) have contributed >> patches to svgSalamander recently.

Bug#853134: CVE-2017-5617: svgSalamander

2017-02-01 Thread Bas Couwenberg
On 2017-02-01 09:35, Bas Couwenberg wrote: Including the JOSM developers (josm-...@openstreetmap.org) is also a good idea, they (and Vincent Privat in particular) have contributed patches to svgSalamander recently. I'll report the issue in the JOSM Trac since it also affects the embedded copy

Bug#853134: CVE-2017-5617: svgSalamander

2017-02-01 Thread Bas Couwenberg
Hi Felix, On 2017-02-01 09:13, Felix Natter wrote: there is a security vulnerability in svgSalamander: https://github.com/blackears/svgSalamander/issues/11 I've been following that issue since it popped up on by DMD TODO list. The problem occurs when including raster/svg images via . The

Bug#853134: CVE-2017-5617: svgSalamander

2017-02-01 Thread Felix Natter
hello d-gis/Bas, there is a security vulnerability in svgSalamander: https://github.com/blackears/svgSalamander/issues/11 The problem occurs when including raster/svg images via . The reporter says "How to fix - any schemes apart from data in the xlink:href attribute should be disallowed" -->