CVE-2013-1881
Published: 9 October 2013
GNOME librsvg before 2.39.0 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
Notes
Author | Note |
---|---|
mdeslaur | fixing this also requires a change to gtk+ in raring and earlier |
Priority
Status
Package | Release | Status |
---|---|---|
librsvg (Launchpad, Ubuntu, Debian) | lucid | Ignored (end of life) |
librsvg | precise | Released (2.36.1-0ubuntu1.1) |
librsvg | quantal | Released (2.36.3-0ubuntu1.1) |
librsvg | raring | Ignored (end of life) |
librsvg | saucy | Released (2.36.4-2ubuntu0.1) |
librsvg | upstream | Released (2.40.0-1) |

Patches:
upstream: https://git.gnome.org/browse/librsvg/commit/?id=d83e426fff3f6d0fa6042d0930fb70357db24125
upstream: https://git.gnome.org/browse/librsvg/commit/?id=f01aded72c38f0e18bc7ff67dee800e380251c8e
upstream: https://git.gnome.org/browse/gtk+/commit/?id=86ecf54139874e5e2eee8bfd55b93e28f969bf72
upstream: https://git.gnome.org/browse/gtk+/commit/?id=7b4f82ccc6c180b809cd3b7b6582394ce741a14e
upstream: https://git.gnome.org/browse/gtk+/commit/?id=3d602f5b0a67a7b515dc5add504e02e486aad70c