Bug#966028: buster-pu: package librsvg/2.44.10-2.1+deb10u1
Emilio Pozuelo Monfort
pochu at debian.org
Wed Jul 22 12:19:01 BST 2020
Package: release.debian.org
Severity: normal
Tags: buster
User: release.debian.org at packages.debian.org
Usertags: pu
Hi,
This update fixes CVE-2019-20446, which the Security Team marked as
no-dsa. I considered updating to 2.44.16, which has a sensible set
of changes to the librsvg code. Unfortunately the newer tarball also
updates all of the vendored rust modules (which we do use, see #907629)
and although I have been using that newer version in buster for over
a week, I don't really feel confortable with that change (and I don't
think you'd have approved it either).
So I have gone with the minimal backport to 2.44.10 instead (which I've
also tested) and it's already uploaded. debdiff attached.
Let me know if there are any problems.
Thanks,
Emilio
More information about the pkg-gnome-maintainers
mailing list