[librsvg/librsvg-2.40: 10/10] Update NEWS
- From: Federico Mena Quintero <federico src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [librsvg/librsvg-2.40: 10/10] Update NEWS
- Date: Wed, 26 Feb 2020 17:43:45 +0000 (UTC)
commit 13fbcd136977f3e765e22181404aafa59f8d8fb3
Author: Federico Mena Quintero <federico gnome org>
Date: Wed Feb 26 11:42:18 2020 -0600
Update NEWS
NEWS | 15 +++++++++++++++
1 file changed, 15 insertions(+)
---
diff --git a/NEWS b/NEWS
index 582c45fa..93fb2e11 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,18 @@
+Version 2.40.21
+- CVE-2019-20446 - Backport the following fixes from 2.46.x:
+
+- #515 - Librsvg now has limits on the number of loaded XML elements,
+ and the number of referenced elements within an SVG document. This
+ is to mitigate malicious SVGs which try to consume all memory, and
+ those which try to consume an exponential amount of CPU time.
+
+- #308 - Fix stack exhaustion with circular references in <use> elements.
+
+- #323 - Fix a denial-of-service condition from exponential explosion
+ of rendered elements, through nested use of SVG "use" elements in
+ malicious SVGs. This is similar to the XML "billion laughs attack"
+ but for SVG instancing.
+
Version 2.40.20
- Except for emergencies, this will be the LAST RELEASE of the
librsvg-2.40.x series. We are moving to 2.41, which is vastly
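Review bot: In the new 2.40.21 entry, the "CVE-2019-20446 - Backport the following fixes from 2.46.x:" line is a "-" list item at the same level as #515, #308 and #323, so a reader cannot tell whether the CVE identifier covers all three backports or only the first. Consider making that line an unbulleted heading sentence, or indenting the three issue items beneath it, so that packagers who track the CVE can map it to the fixes. The #515 item also says limits now exist on loaded XML elements and on referenced elements, but gives neither the values nor what a caller sees when a limit is hit; a short clause on that would help applications that process untrusted SVGs decide how to handle the failure. Finally, the unchanged 2.40.20 text just below still says that release is the last of the 2.40.x series "except for emergencies", so a line stating that 2.40.21 is such a security-only release would keep the two entries consistent.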