-rw-r--r-- | NEWS | 10 | ||||
-rw-r--r-- | configure.ac | 2 |
2 files changed, 11 insertions, 1 deletions
@@ -1,3 +1,13 @@ +Version 2.42.8 +- CVE-2019-20446 - Backport the following fixes from 2.46.x: + +- #515 - Librsvg now has limits on the number of loaded XML elements, + and the number of referenced elements within an SVG document. This + is to mitigate malicious SVGs which try to consume all memory, and + those which try to consume an exponential amount of CPU time. + +- #308 - Fix stack exhaustion with circular references in <use> elements. + Version 2.42.7 - #323 - Fix a denial-of-service condition from exponential explosion of rendered elements, through nested use of SVG "use" elements in diff --git a/configure.ac b/configure.ac index 6a24c4a2..b3ab87db 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ m4_define([rsvg_major_version],[2]) m4_define([rsvg_minor_version],[42]) -m4_define([rsvg_micro_version],[7]) +m4_define([rsvg_micro_version],[8]) m4_define([rsvg_extra_version],[]) m4_define([rsvg_version],[rsvg_major_version.rsvg_minor_version.rsvg_micro_version()rsvg_extra_version]) m4_define([rsvg_lt_version_info],m4_eval(rsvg_major_version + rsvg_minor_version):rsvg_micro_version:rsvg_minor_version) |