[Bugs] [Bug 13553] New: [CVE 21] librsvg 2.52.6 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13553

          Platform: 2021.1
            Bug ID: 13553
           Summary: [CVE 21] librsvg 2.52.6  CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2023-38633,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: e.kosachev на rosalinux.ru, s.matveev на rosalinux.ru,
                    y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package librsvg version 2.52.6

INFO (CVEs are): librsvg 2.52.6
 cves found
CVE-2023-38633
Desc: A directory traversal problem in the URL decoder of librsvg before 2.56.3
could be used by local or remote attackers to disclose files (on the local
filesystem outside of the expected area), as demonstrated by
href=".?../../../../../../../../../../etc/passwd" in an xi:include element.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-38633
Severity: MEDIUM

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230823/b514a596/attachment-0001.html>