openSUSE:Leap:15.4:Update
File _patchinfo of Package patchinfo.18072
<patchinfo incident="18072">
  <issue tracker="cve" id="2023-27586"/>
  <issue tracker="cve" id="2021-21236"/>
  <issue tracker="bnc" id="1180648">VUL-0: CVE-2021-21236: python-CairoSVG: regular expression denial of service (REDoS) when processing malicious SVG files</issue>
  <issue tracker="bnc" id="1209538">VUL-0: CVE-2023-27586: python-CairoSVG: SSRF &amp; DOS vulnerability</issue>
  <packager>dgarcia</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for python-CairoSVG</summary>
  <description>This update for python-CairoSVG fixes the following issues:

- CVE-2023-27586: Don't allow fetching external files unless explicitly asked for. (boo#1209538)

- Update to version 2.5.2
  * Fix marker path scale

- Update to version 2.5.1 (boo#1180648, CVE-2021-21236):
  * Security fix: When processing SVG files, CairoSVG was using two
    regular expressions which are vulnerable to Regular Expression
    Denial of Service (REDoS). If an attacker provided a malicious
    SVG, it could make CairoSVG get stuck processing the file for a
    very long time.
  * Fix marker positions for unclosed paths
  * Follow hint when only output_width or output_height is set
  * Handle opacity on raster images
  * Don’t crash when use tags reference unknown tags
  * Take care of the next letter when A/a is replaced by l
  * Fix misalignment in node.vertices

- Updates for version 2.5.0.
  * Drop support of Python 3.5, add support of Python 3.9.
  * Add EPS export
  * Add background-color, negate-colors, and invert-images options
  * Improve support for font weights
  * Fix opacity of patterns and gradients
  * Support auto-start-reverse value for orient
  * Draw images contained in defs
  * Add Exif transposition support
  * Handle dominant-baseline
  * Support transform-origin
</description>
</patchinfo>