Update Info

openSUSE-2023-272


Security update for python-CairoSVG


Type: security
Severity: moderate
Issued: 2023-09-26
Description:
This update for python-CairoSVG fixes the following issues:

- CVE-2023-27586: Don't allow fetching external files unless explicitly asked for.  (boo#1209538)

- Update to version 2.5.2

  * Fix marker path scale

- Update to version 2.5.1 (boo#1180648, CVE-2021-21236):

  * Security fix: When processing SVG files, CairoSVG was using two
    regular expressions which are vulnerable to Regular Expression 
    Denial of Service (REDoS). If an attacker provided a malicious 
    SVG, it could make CairoSVG get stuck processing the file for a 
    very long time.

  * Fix marker positions for unclosed paths
  * Follow hint when only output_width or output_height is set
  * Handle opacity on raster images
  * Don’t crash when use tags reference unknown tags
  * Take care of the next letter when A/a is replaced by l
  * Fix misalignment in node.vertices

- Updates for version 2.5.0.

  * Drop support of Python 3.5, add support of Python 3.9.
  * Add EPS export
  * Add background-color, negate-colors, and invert-images options
  * Improve support for font weights
  * Fix opacity of patterns and gradients
  * Support auto-start-reverse value for orient
  * Draw images contained in defs
  * Add Exif transposition support
  * Handle dominant-baseline
  * Support transform-origin


              

Packages


  • python-CairoSVG-2.5.2-bp154.2.3.1