Debian 10260 Published by

A librsvg security update has been released for Debian GNU/Linux 8 Extended LTS to address several issues in librsvg, a library for rendering SVG files.



ELA-248-1 librsvg security update

Package librsvg
Version 2.40.5-1+deb8u3
Related CVE CVE-2016-6163 CVE-2019-20446

Several issues have been fixed in librsvg, a library for rendering SVG files. This update corrects some denial of service via infinite loop or exponential element processing when parsing specially crafted files, as well as some memory safety issues.

For Debian 8 jessie, these problems have been fixed in version 2.40.5-1+deb8u3.

We recommend that you upgrade your librsvg packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-248-1 librsvg security update