18880 – librsvg new security issue CVE-2016-6163

Bug 18880 - librsvg new security issue CVE-2016-6163

Summary: librsvg new security issue CVE-2016-6163

Status:	RESOLVED INVALID

Alias:	None

Product:	Mageia
Classification:	Unclassified
Component:	Security (show other bugs)
Version:	5
Hardware:	All Linux

Priority:	Normal Severity: normal
Target Milestone:	---
Assignee:	Mageia Bug Squad
QA Contact:	Sec team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2016-07-06 15:48 CEST by David Walser
Modified:	2016-07-06 15:50 CEST (History)
CC List:	0 users

See Also:
Source RPM:	librsvg-2.40.13-1.mga5.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description David Walser 2016-07-06 15:48:11 CEST

A CVE has been assigned for an issue fixed upstream in librsvg:
http://openwall.com/lists/oss-security/2016/07/05/9

Supposedly it can be used to crash Firefox and Chrome and it has been fixed in the newest version (2.40.16, already in Cauldron), but it is not clear which commit contains the fix.

Comment 1 David Walser 2016-07-06 15:50:00 CEST

Now they've identified a potential fixing commit, but it is much earlier than 2.40.16 (and indeed earlier than 2.40.13, which we already have in Mageia 5):
http://openwall.com/lists/oss-security/2016/07/06/2

So nevermind on this one :o)

Status: NEW => RESOLVED
Resolution: (none) => INVALID

Note You need to log in before you can comment on or make changes to this bug.