Ubuntu
librsvg package

Regression in USN-4436-1

Xenial (16.04)
Bug #1889206

Bug #1889206 reported by Marc Deslauriers on 2020-07-28

272

This bug affects 4 people

	Status	Importance	Assigned to
librsvg	Fix Released	Unknown	auto-gitlab.gnome.org-gnome-librsvg-- #612
librsvg (Ubuntu)
Xenial	Fix Released	Undecided	Marc Deslauriers
Bionic	Fix Released	Undecided	Marc Deslauriers

Bug Description

The security fix for librsvg introduced a regression in aisleriot.

Steps to reproduce:

1- install gnome-cards-data
2- run "sol" to start Aislerot
3- Switch card layout to "Anglo"
4- Notice some cards are missing graphics

CVE References

2019-20446

Marc Deslauriers (mdeslaur) on 2020-07-28

Changed in librsvg (Ubuntu Xenial):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in librsvg (Ubuntu Bionic):
assignee:	nobody → Marc Deslauriers (mdeslaur)
Changed in librsvg (Ubuntu Xenial):
status:	New → Confirmed
Changed in librsvg (Ubuntu Bionic):
status:	New → Confirmed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-07-28:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in librsvg (Ubuntu):
status:	New → Confirmed

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2020-07-28:

Can also be tested by running "eog /usr/share/aisleriot/cards/anglo.svgz". See attached screenshot.

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2020-07-28:

eog displaying issue rendering anglo cardset Edit (180.8 KiB, image/png)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-07-29:

This bug was fixed in the package librsvg - 2.40.13-3ubuntu0.2

---------------
librsvg (2.40.13-3ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Regression when parsing Aisleriot cards (LP: #1889206)
    - debian/patches/CVE-2019-20446-*.patch: removed pending a complete
      fix.
    - debian/librsvg2-2.symbols: removed symbol.

-- Marc Deslauriers <email address hidden> Tue, 28 Jul 2020 19:40:39 -0400

Changed in librsvg (Ubuntu Xenial):
status:	Confirmed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-07-29:

This bug was fixed in the package librsvg - 2.40.20-2ubuntu0.2

---------------
librsvg (2.40.20-2ubuntu0.2) bionic-security; urgency=medium

-- Marc Deslauriers <email address hidden> Tue, 28 Jul 2020 18:58:19 -0400

Changed in librsvg (Ubuntu Bionic):
status:	Confirmed → Fix Released

Marc Deslauriers (mdeslaur) on 2020-07-29

Changed in librsvg (Ubuntu):
status:	Confirmed → Invalid

Mathew Hodson (mhodson) on 2020-08-01

no longer affects:

librsvg (Ubuntu)

Bug Watch Updater (bug-watch-updater) on 2022-05-20

Changed in librsvg:
status:	Unknown → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicates of this bug

Bug #1889425

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

eog displaying issue rendering anglo cardset Edit

Add attachment

Remote bug watches

auto-gitlab.gnome.org-gnome-librsvg-- #612
[closed 3. Out of Scope] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntulibrsvg package

Regression in USN-4436-1

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
librsvg package