openSUSE-SU-2023:0272-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2023:0272-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2023:0272-1
- Related
- Published
- 2023-09-25T22:02:13Z
- Modified
- 2023-09-25T22:02:13Z
- Summary
- Security update for python-CairoSVG
- Details
-
This update for python-CairoSVG fixes the following issues:
CVE-2023-27586: Don't allow fetching external files unless explicitly asked for. (boo#1209538)
Update to version 2.5.2
- Fix marker path scale
Update to version 2.5.1 (boo#1180648, CVE-2021-21236):
Security fix: When processing SVG files, CairoSVG was using two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provided a malicious SVG, it could make CairoSVG get stuck processing the file for a very long time.
Fix marker positions for unclosed paths
- Follow hint when only outputwidth or outputheight is set
- Handle opacity on raster images
- Don’t crash when use tags reference unknown tags
- Take care of the next letter when A/a is replaced by l
- Fix misalignment in node.vertices
Updates for version 2.5.0.
- Drop support of Python 3.5, add support of Python 3.9.
- Add EPS export
- Add background-color, negate-colors, and invert-images options
- Improve support for font weights
- Fix opacity of patterns and gradients
- Support auto-start-reverse value for orient
- Draw images contained in defs
- Add Exif transposition support
- Handle dominant-baseline
- Support transform-origin
- References
Affected packages
SUSE:Package Hub 15 SP4 / python-CairoSVG
Package
- Name
- python-CairoSVG
- Purl
- pkg:rpm/suse/python-CairoSVG&distro=SUSE%20Package%20Hub%2015%20SP4