This bug was fixed in the package librsvg - 2.52.5+dfsg-3ubuntu0.2
--------------- librsvg (2.52.5+dfsg-3ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: Arbitrary file read when xinclude href has special characters - debian/patches/CVE-2023-38633.patch: validate URLs in include/librsvg/rsvg.h, src/error.rs, src/lib.rs, src/url_resolver.rs, tests/*. - CVE-2023-38633 * Don't fail the build on tests error for i386 (LP: #1976259)
-- Marc Deslauriers <email address hidden> Fri, 28 Jul 2023 08:55:53 -0400
This bug was fixed in the package librsvg - 2.52.5+ dfsg-3ubuntu0. 2
--------------- dfsg-3ubuntu0. 2) jammy-security; urgency=medium
librsvg (2.52.5+
* SECURITY UPDATE: Arbitrary file read when xinclude href has special patches/ CVE-2023- 38633.patch: validate URLs in librsvg/ rsvg.h, src/error.rs, src/lib.rs, url_resolver. rs, tests/*.
characters
- debian/
include/
src/
- CVE-2023-38633
* Don't fail the build on tests error for i386 (LP: #1976259)
-- Marc Deslauriers <email address hidden> Fri, 28 Jul 2023 08:55:53 -0400