Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in Inkscape
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in Inkscape
ID: FEDORA-2012-20621
Distribution: Fedora
Plattformen: Fedora 16
Datum: Sa, 5. Januar 2013, 08:35
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5656
Applikationen: Inkscape

Originalnachricht

Name        : inkscape
Product : Fedora 16
Version : 0.48.4
Release : 1.fc16
URL : http://inkscape.sourceforge.net/
Summary : Vector-based drawing program using SVG
Description :
Inkscape is a vector graphics editor, with capabilities similar to
Illustrator, CorelDraw, or Xara X, using the W3C standard Scalable Vector
Graphics (SVG) file format. It is therefore a very useful tool for web
designers and as an interchange format for desktop publishing.

Inkscape supports many advanced SVG features (markers, clones, alpha
blending, etc.) and great care is taken in designing a streamlined
interface. It is very easy to edit nodes, perform complex path operations,
trace bitmaps and much more.

-------------------------------------------------------------------------------
-
Update Information:

Fix XXE flaw, man page ownership.
-------------------------------------------------------------------------------
-
ChangeLog:

* Thu Dec 6 2012 Jon Ciesla <limburgher@gmail.com> - 0.48.3.1-4
- 0.48.4, fix XXE security flaw.
- Correct man page ownership.
* Thu Dec 6 2012 Jon Ciesla <limburgher@gmail.com> - 0.48.3.1-4
- Fix directory ownership, BZ 873817.
- Fix previous changelog version.
* Mon Nov 19 2012 Nils Philippsen <nils@redhat.com> - 0.48.3.1-3
- update sourceforge download URL
* Thu Nov 1 2012 Jon Ciesla <limburgher@gmail.com> - 0.48.3.1-2
- Allow loading large XML, BZ 871012.
* Fri Oct 5 2012 Jon Ciesla <limburgher@gmail.com> - 0.48.3.1-1
- Lastest upstream.
* Thu Oct 4 2012 Jon Ciesla <limburgher@gmail.com> - 0.48.2-13
- Added dep on uniconvertor, BZ 796424.
* Thu Jul 19 2012 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 0.48.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jul 9 2012 Petr Pisar <ppisar@redhat.com> - 0.48.2-11
- Perl 5.16 rebuild
* Mon Jul 2 2012 Marek Kasik <mkasik@redhat.com> - 0.48.2-10
- Rebuild (poppler-0.20.1)
* Wed Jun 27 2012 Petr Pisar <ppisar@redhat.com> - 0.48.2-9
- Perl 5.16 rebuild
* Sat Jun 23 2012 Rex Dieter <rdieter@fedoraproject.org>
- 0.48.2-8
- fix icon/desktop-file scriptlets (#739375)
- drop .desktop vendor (f18+)
- inkscape doesn't build with poppler-0.20.0 (#822413)
* Fri Jun 15 2012 Petr Pisar <ppisar@redhat.com> - 0.48.2-7
- Perl 5.16 rebuild
* Mon Jun 11 2012 Adel Gadllah <adel.gadllah@gmail.com> - 0.48.2-6
- Rebuild for new poppler
* Wed Apr 11 2012 Peter Robinson <pbrobinson@fedoraproject.org> -
0.48.2-5
- Rebuild for ImageMagik
* Thu Mar 8 2012 Daniel Drake <dsd@laptop.org> - 0.48.2-4
- Fix build with GCC 4.7
* Tue Feb 28 2012 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 0.48.2-3
- Rebuilt for c++ ABI breakage
* Fri Jan 13 2012 Fedora Release Engineering
<rel-eng@lists.fedoraproject.org> - 0.48.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Nov 15 2011 German Ruiz <germanrs@fedoraproject.org> - 0.48.2-1
- New upstream version
- Fix glib include compile problem
- Fix compilation against libpng-1.5
* Fri Oct 28 2011 Rex Dieter <rdieter@fedoraproject.org> - 0.48.1-10
- rebuild(poppler)
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #888249 - CVE-2012-5656 inkscape: XXE via SVG rasterization
https://bugzilla.redhat.com/show_bug.cgi?id=888249
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update inkscape' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung