Bug 18880

Summary: librsvg new security issue CVE-2016-6163
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED INVALID
QA Contact: Sec team <security>
Severity: normal    
Priority: Normal    
Version: 5   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: librsvg-2.40.13-1.mga5.src.rpm
CVE:
Status comment:

Description David Walser 2016-07-06 15:48:11 CEST
A CVE has been assigned for an issue fixed upstream in librsvg:
http://openwall.com/lists/oss-security/2016/07/05/9

Supposedly it can be used to crash Firefox and Chrome and it has been fixed in the newest version (2.40.16, already in Cauldron), but it is not clear which commit contains the fix.

Comment 1 David Walser 2016-07-06 15:50:00 CEST
Now they've identified a potential fixing commit, but it is much earlier than 2.40.16 (and indeed earlier than 2.40.13, which we already have in Mageia 5):
http://openwall.com/lists/oss-security/2016/07/06/2

So never mind on this one :o)

Status: NEW => RESOLVED
Resolution: (none) => INVALID