mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-06 18:09:44 +03:00
962ec546d0
Fix CVE-2023-38633: A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. https://gitlab.gnome.org/GNOME/librsvg/-/blob/2.50.9/NEWS Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr> (cherry picked from commit e7988c7060d7d8b137d18721ef773ef266114690) Signed-off-by: Peter Korsgaard <peter@korsgaard.com>