MGASA-2021-0149 - Updated python-cairosvg packages fix security vulnerability

Publication date: 21 Mar 2021
URL: https://advisories.mageia.org/MGASA-2021-0149.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2021-21236

When processing SVG files, the python package CairoSVG uses two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provides a malicious SVG, it can make cairosvg get stuck processing the file for a very long time (CVE-2021-21236).

References:
- https://bugs.mageia.org/show_bug.cgi?id=28122
- https://github.com/advisories/GHSA-hq37-853p-g5cf
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21236

SRPMS:
- 7/core/python-cairosvg-2.2.1-1.1.mga7