ELA-248-1 librsvg security update

several vulnerabilities

2020-07-22
Packagelibrsvg
Version2.40.5-1+deb8u3
Related CVEs CVE-2016-6163 CVE-2019-20446

Several issues have been fixed in librsvg, a library for rendering SVG files. This update corrects some denial of service via infinite loop or exponential element processing when parsing specially crafted files, as well as some memory safety issues.

For Debian 8 jessie, these problems have been fixed in version 2.40.5-1+deb8u3.

We recommend that you upgrade your librsvg packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/