embedded copy of libpotrace is vulnerable to CVE-2013-7437
Bug #1438366 reported by
Tyler Hicks
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Inkscape |
Fix Released
|
Medium
|
jazzynico | ||
Bug Description
It looks to me like Inkscape's embedded copy of libpotrace is vulnerable to CVE-2013-7437. Upstream potrace has released version 1.12 to address the vulnerability.
See the following links for some information on the vulnerability:
https:/
http://
Revision history for this message
| Tyler Hicks (tyhicks) wrote | #1 |
| information type: | Private Security → Public Security |
| tags: | added: code-design |
| Changed in inkscape: | |
| status: | New → Triaged |
| importance: | Undecided → Medium |
| milestone: | none → 0.92 |
| Changed in inkscape: | |
| assignee: | nobody → jazzynico (jazzynico) |
| status: | Triaged → In Progress |
Revision history for this message
| jazzynico (jazzynico) wrote | #2 |
| Changed in inkscape: | |
| status: | In Progress → Fix Committed |
| tags: | added: backport-proposed |
Revision history for this message
| jazzynico (jazzynico) wrote | #3 |
Revision history for this message
| jazzynico (jazzynico) wrote | #4 |
| Changed in inkscape: | |
| milestone: | 0.92 → 0.91.1 |
| tags: | removed: backport-proposed |
| Changed in inkscape: | |
| milestone: | 0.91.1 → 0.92 |
| status: | Fix Committed → Fix Released |
To post a comment you must log in.
I'm changing the report to 'Public Security' since the vulnerability and Inkscape's use of an embedded copy of libpotrace is public and common knowledge.