Your message dated Mon, 21 Oct 2013 12:18:24 +0000
with message-id <[email protected]>
and subject line Bug#724741: fixed in librsvg 2.40.0-1
has caused the Debian Bug report #724741,
regarding librsvg: CVE-2013-1881
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
724741: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=724741
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: librsvg
Severity: important
Tags: security
Justification: user security hole
Please see
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1881
https://bugzilla.gnome.org/show_bug.cgi?id=691708
I don't think this warrants a DSA. If it gets fixed up in a point update,
we need to make sure that GTK is fixed as well; see
https://bugzilla.redhat.com/show_bug.cgi?id=924414#c7
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: librsvg
Source-Version: 2.40.0-1
We believe that the bug you reported is fixed in the latest version of
librsvg, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated librsvg package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 21 Oct 2013 13:58:34 +0200
Source: librsvg
Binary: librsvg2-dev librsvg2-2 librsvg2-common librsvg2-doc librsvg2-dbg
librsvg2-bin gir1.2-rsvg-2.0
Architecture: source all amd64
Version: 2.40.0-1
Distribution: unstable
Urgency: low
Maintainer: Josselin Mouette <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Description:
gir1.2-rsvg-2.0 - gir files for renderer library for SVG files
librsvg2-2 - SAX-based renderer library for SVG files (runtime)
librsvg2-bin - command-line and graphical viewers for SVG files
librsvg2-common - SAX-based renderer library for SVG files (extra runtime)
librsvg2-dbg - SAX-based renderer library for SVG files (debug)
librsvg2-dev - SAX-based renderer library for SVG files (development)
librsvg2-doc - SAX-based renderer library for SVG files (documentation)
Closes: 724741
Changes:
 librsvg (2.40.0-1) unstable; urgency=low
 .
   [ Michael Biebl ]
   * New upstream release.
     - Fixes local resource access vulnerability. Closes: #724741
       CVE-2013-1881
   * Refresh patches.
   * GTK2 support has been removed upstream. Drop Build-Depends on
     libgtk2.0-dev, libgtk2.0-doc and the now obsolete --disable-gtk-theme
     configure switch.
   * Bump Build-Depends on libgtk-3-dev to (>= 3.2.0).
   * Bump Build-Depends on libpango1.0-dev to (>= 1.36.0) to get the
     thread-safe version.
 .
   [ Laurent Bigonville ]
   * debian/control.in:
     - Use canonical URL for VCS-* fields
     - Update Homepage URL
     - Move source package to the "libs" Section
     - Remove duplicate Section, thanks to lintian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---