Debian Patches

Status for cairosvg/2.5.0-1.1+deb11u2

Patch Description Author Forwarded Bugs Origin Last update
0001-Remove-pytest-options-for-plugins-not-packaged-for-D.patch Remove pytest options for plugins not packaged for Debian. Michael Fladischer <FladischerMichael@fladi.at> no 2018-12-27
0002-Don-t-use-overlapping-groups-for-regular-expressions.patch =?UTF-8?q?Don=E2=80=99t=20use=20overlapping=20groups=20for=20regu?= =?UTF-8?q?lar=20expressions?=

The section between 'rgb(' and the final ')' contains multiple overlapping
groups.

Since all three infinitely repeating groups accept spaces, a long string of
spaces causes catastrophic backtracking when it is not followed by a closing
parenthesis.

The complexity is cubic, so doubling the length of the malicious string of
spaces makes processing take 8 times as long.
Guillaume Ayoub <guillaume@courtbouillon.org> no debian https://github.com/Kozea/CairoSVG/commit/063185b60588a41d4df661ad70f9f7b699901abc 2021-01-01
Don-t-allow-fetching-external-files-unless-explicitl.patch =?UTF-8?q?Don=E2=80=99t=20allow=20fetching=20external=20files=20u?= =?UTF-8?q?nless=20explicitly=20asked=20for?= Guillaume Ayoub <guillaume@courtbouillon.org> no debian https://github.com/Kozea/CairoSVG/commit/12d31c653c0254fa9d9853f66b04ea46e7397255 2023-03-10
Handle-data-URLs-in-safe-mode.patch Handle data-URLs in safe mode.
Fix #383.
Guillaume Ayoub <guillaume@courtbouillon.org> yes debian upstream https://github.com/Kozea/CairoSVG/commit/2cbe3066e604af67c31d6651aa3acafe4ae0749d 2023-04-18

All known versions for source package 'cairosvg'

Links