[librsvg/librsvg-2.42: 8/8] Bump version to 2.42.8

From: Federico Mena Quintero <federico src gnome org>
To: commits-list gnome org
Cc:
Subject: [librsvg/librsvg-2.42: 8/8] Bump version to 2.42.8
Date: Tue, 25 Feb 2020 23:15:45 +0000 (UTC)

commit 6c1c962f063f36b6c317e08af5af77a861e789ae
Author: Federico Mena Quintero <federico gnome org>
Date:   Tue Feb 25 16:57:00 2020 -0600

    Bump version to 2.42.8

 NEWS         | 10 ++++++++++
 configure.ac |  2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)
---
diff --git a/NEWS b/NEWS
index 6e598068..93bb40c7 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,13 @@
+Version 2.42.8
+- CVE-2019-20446 - Backport the following fixes from 2.46.x:
+
+- #515 - Librsvg now has limits on the number of loaded XML elements,
+  and the number of referenced elements within an SVG document.  This
+  is to mitigate malicious SVGs which try to consume all memory, and
+  those which try to consume an exponential amount of CPU time.
+
+- #308 - Fix stack exhaustion with circular references in <use> elements.
+
 Version 2.42.7
 - #323 - Fix a denial-of-service condition from exponential explosion
   of rendered elements, through nested use of SVG "use" elements in
diff --git a/configure.ac b/configure.ac
index 6a24c4a2..b3ab87db 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
 m4_define([rsvg_major_version],[2])
 m4_define([rsvg_minor_version],[42])
-m4_define([rsvg_micro_version],[7])
+m4_define([rsvg_micro_version],[8])
 m4_define([rsvg_extra_version],[])
 m4_define([rsvg_version],[rsvg_major_version.rsvg_minor_version.rsvg_micro_version()rsvg_extra_version])
 m4_define([rsvg_lt_version_info],m4_eval(rsvg_major_version + 
rsvg_minor_version):rsvg_micro_version:rsvg_minor_version)

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]