| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Remove-pytest-options-for-plugins-not-packaged-for-D.patch | Remove pytest options for plugins not packaged for Debian. | Michael Fladischer <FladischerMichael@fladi.at> | no | 2018-12-27 | ||
| 0002-Don-t-use-overlapping-groups-for-regular-expressions.patch | =?UTF-8?q?Don=E2=80=99t=20use=20overlapping=20groups=20for=20regu?= =?UTF-8?q?lar=20expressions?= The section between 'rgb(' and the final ')' contains multiple overlapping groups. Since all three infinitely repeating groups accept spaces, a long string of spaces causes catastrophic backtracking when it is not followed by a closing parenthesis. The complexity is cubic, so doubling the length of the malicious string of spaces makes processing take 8 times as long. |
Guillaume Ayoub <guillaume@courtbouillon.org> | no | debian | https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc | 2021-01-01 |
| Don-t-allow-fetching-external-files-unless-explicitl.patch | =?UTF-8?q?Don=E2=80=99t=20allow=20fetching=20external=20files=20u?= =?UTF-8?q?nless=20explicitly=20asked=20for?= | Guillaume Ayoub <guillaume@courtbouillon.org> | no | debian | https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255 | 2023-03-10 |
| Handle-data-URLs-in-safe-mode.patch | Handle data-URLs in safe mode. Fix #383. |
Guillaume Ayoub <guillaume@courtbouillon.org> | yes | debian upstream | https://github.com/Kozea/CairoSVG/commit/2cbe3066e604af67c31d6651aa3acafe4ae0749d | 2023-04-18 |