SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1310

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1310

Security update for librsvg

Type: security

Severity: moderate

Issued: 2021-04-23

Description:

This update for librsvg fixes the following issues:

- librsvg was updated to 2.42.9:
  * Update dependent crates that had security vulnerabilities:
    smallvec to 0.6.14 - RUSTSEC-2018-0003 - CVE-2018-20991 (bsc#1148293)
-the bundled version of the cssparser crate now builds correctly on Rust 1.43 (bsc#1181571).

References

CVE: CVE-2018-20991
Bugzilla: 1181571 Catchall bug for build issues in setting up openSUSE Leap 15.3 for armv7hl
Bugzilla: 1148293 VUL-1: CVE-2018-20991: rust-smallvec: The Iterator implementation mishandles destructors, leading to a double free.

Packages

librsvg-2.42.9-3.6.1