Merge with Debian's 2.54.7
Bug #2031086 reported by
Nathan Teodosio
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
librsvg (Ubuntu) |
Won't Fix
|
Wishlist
|
Nathan Teodosio |
Bug Description
CVE-2023-
Builds succeed[1] dropping delta on debian/rules; Debian's changes suffice.
Also keeping Debian's hunk refreshes on patches.
[1] https:/
To post a comment you must log in.
While the merge looks great from a sponsoring perspective I'm curious about what is the reasoning behind doing this merge? From what I can tell the new version has multiple tests disabled and does not include any changes which would benefit users or developers. (Our version of librsvg already has the security fix included.) In my opinion holding off until Debian bug 1038447 is fixed would make sense.
diff -Nru librsvg- 2.54.5+ dfsg/NEWS librsvg- 2.54.7+ dfsg/NEWS 2.54.5+ dfsg/NEWS 2022-08-26 21:06:23.000000000 +0200 2.54.7+ dfsg/NEWS 2023-07-23 01:48:21.000000000 +0200
--- librsvg-
+++ librsvg-
@@ -1,3 +1,15 @@
+Version 2.54.7
+==============
+
+- Fix compilation on rustc < 1.58.
+
+Version 2.54.6
+==============
+
+This is a security release for bug #996.
+
+- #996 - Fix arbitrary file read when href has special characters.
+
...