Home Explore Help
Sign In
PUBLIC_REPOS
/
buildroot
mirror of git://git.buildroot.net/buildroot
2
1
Fork 0
Files
Browse Source

package/librsvg: security bump to version 2.50.9

Fix CVE-2023-38633: A directory traversal problem in the URL decoder of
librsvg before 2.56.3 could be used by local or remote attackers to
disclose files (on the local filesystem outside of the expected area),
as demonstrated by href=".?../../../../../../../../../../etc/passwd" in
an xi:include element.

https://gitlab.gnome.org/GNOME/librsvg/-/blob/2.50.9/NEWS

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit e7988c7060d7d8b137d18721ef773ef266114690)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Fabrice Fontaine 1 year ago
parent
057beeb6af
commit
eb907f7764
2 changed files with 3 additions and 3 deletions
Split View Show Diff Stats
  1. 2 2
      package/librsvg/librsvg.hash
  2. 1 1
      package/librsvg/librsvg.mk

+ 2 - 2
package/librsvg/librsvg.hash
View File 

@@ -1,5 +1,5 @@
 
-# From https://download.gnome.org/sources/librsvg/2.50/librsvg-2.50.7.sha256sum
 
-sha256  fffb61b08cd5282aaae147a02b305166a7426fad22a8b9427708f0f2fc426ebc  librsvg-2.50.7.tar.xz
 
+# From https://download.gnome.org/sources/librsvg/2.50/librsvg-2.50.9.sha256sum
 
+sha256  518905fffa879b6c7f3db1aae961cf31333e0eadc7b4cdd4f531707868c54b53  librsvg-2.50.9.tar.xz
 
 
 # Locally computed
 
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  COPYING.LIB

+ 1 - 1
package/librsvg/librsvg.mk
View File 

@@ -5,7 +5,7 @@
 
 ################################################################################
 
 
 LIBRSVG_VERSION_MAJOR = 2.50
 
-LIBRSVG_VERSION = $(LIBRSVG_VERSION_MAJOR).7
 
+LIBRSVG_VERSION = $(LIBRSVG_VERSION_MAJOR).9
 
 LIBRSVG_SITE = https://download.gnome.org/sources/librsvg/$(LIBRSVG_VERSION_MAJOR)
 
 LIBRSVG_SOURCE = librsvg-$(LIBRSVG_VERSION).tar.xz
 
 LIBRSVG_INSTALL_STAGING = YES