[librsvg/librsvg-2.42: 8/8] Bump version to 2.42.8
- From: Federico Mena Quintero <federico src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [librsvg/librsvg-2.42: 8/8] Bump version to 2.42.8
- Date: Tue, 25 Feb 2020 23:15:45 +0000 (UTC)
commit 6c1c962f063f36b6c317e08af5af77a861e789ae
Author: Federico Mena Quintero <federico gnome org>
Date: Tue Feb 25 16:57:00 2020 -0600
Bump version to 2.42.8
NEWS | 10 ++++++++++
configure.ac | 2 +-
2 files changed, 11 insertions(+), 1 deletion(-)
---
diff --git a/NEWS b/NEWS
index 6e598068..93bb40c7 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,13 @@
+Version 2.42.8
+- CVE-2019-20446 - Backport the following fixes from 2.46.x:
+
+- #515 - Librsvg now has limits on the number of loaded XML elements,
+ and the number of referenced elements within an SVG document. This
+ is to mitigate malicious SVGs which try to consume all memory, and
+ those which try to consume an exponential amount of CPU time.
+
+- #308 - Fix stack exhaustion with circular references in <use> elements.
+
Version 2.42.7
- #323 - Fix a denial-of-service condition from exponential explosion
of rendered elements, through nested use of SVG "use" elements in
diff --git a/configure.ac b/configure.ac
index 6a24c4a2..b3ab87db 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
m4_define([rsvg_major_version],[2])
m4_define([rsvg_minor_version],[42])
-m4_define([rsvg_micro_version],[7])
+m4_define([rsvg_micro_version],[8])
m4_define([rsvg_extra_version],[])
m4_define([rsvg_version],[rsvg_major_version.rsvg_minor_version.rsvg_micro_version()rsvg_extra_version])
m4_define([rsvg_lt_version_info],m4_eval(rsvg_major_version +
rsvg_minor_version):rsvg_micro_version:rsvg_minor_version)
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]