While the merge looks great from a sponsoring perspective I'm curious
about what is the reasoning behind doing this merge? From what I can
tell the new version has multiple tests disabled and does not include
any changes which would benefit users or developers. (Our version of
librsvg already has the security fix included.) In my opinion holding
off until Debian bug 1038447 is fixed would make sense.
diff -Nru librsvg-2.54.5+dfsg/NEWS librsvg-2.54.7+dfsg/NEWS
--- librsvg-2.54.5+dfsg/NEWS 2022-08-26 21:06:23.000000000 +0200
+++ librsvg-2.54.7+dfsg/NEWS 2023-07-23 01:48:21.000000000 +0200
@@ -1,3 +1,15 @@
+Version 2.54.7
+==============
+
+- Fix compilation on rustc < 1.58.
+
+Version 2.54.6
+==============
+
+This is a security release for bug #996.
+
+- #996 - Fix arbitrary file read when href has special characters.
+
...
** Changed in: librsvg (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Desktop Bugs, which is subscribed to librsvg in Ubuntu.
https://bugs.launchpad.net/bugs/2031086
Title:
Merge with Debian's 2.54.7
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/librsvg/+bug/2031086/+subscriptions
--
desktop-bugs mailing list
desktop-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/desktop-bugs
