http://git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84: Store node type separately in RsvgNode The node name (formerly RsvgNode:type) cannot be used to infer the sub-type of RsvgNode that we're dealing with, since for unknown elements we put type = node-name. This lead to a (potentially exploitable) crash e.g. when the element name started with "fe" which tricked the old code into considering it as a RsvgFilterPrimitive. CVE-2011-3146 https://bugzilla.gnome.org/show_bug.cgi?id=658014 The updated packages have been patched to fix CVE-2011-3146.
Assignee: bugsquad => qa-bugs
Is there a poc to demonstrated the crash? I've confirmed that librsvg-2.32.1-1.1.mga1.src.rpm works with eog viewing .svg images on i586.
CC: (none) => davidwhodgins
Still need an x86-64 test for this security update. No poc, so just confirm it that svg images can be viewed, in for example eog.
Tested OK x86_64 with rsvg-view & eog Update validated. Advisory: ------------ This update has been issued to patch CVE-2011-3146 ------------ Source RPM: librsvg-2.32.1-1.1.mga1.src.rpm Could somebody from sysadmin please push from core/updates_testing to core/updates. Thankyou!
Keywords: (none) => validated_updateCC: (none) => eeeemail, sysadmin-bugs
Keywords: (none) => SecurityCC: (none) => stormi
Done. But the changelog was a little bit too terse :/ ( on the other hand, the gnome bug was not really clear ).
CC: (none) => misc
Of course, i forgot to close it .
Status: NEW => RESOLVEDResolution: (none) => FIXED
Hello, Tested on Mageia release 1 (Official) for x86_64 with rsvg-view,it's OK for me too.
CC: (none) => geiger.david68210