Mageia 2021-0149: python-cairosvg security update
Summary
When processing SVG files, the python package CairoSVG uses two regular
expressions which are vulnerable to Regular Expression Denial of Service
(REDoS). If an attacker provides a malicious SVG, it can make cairosvg
get stuck processing the file for a very long time (CVE-2021-21236).
References
- https://bugs.mageia.org/show_bug.cgi?id=28122
- https://github.com/advisories/GHSA-hq37-853p-g5cf
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21236
Resolution
MGASA-2021-0149 - Updated python-cairosvg packages fix security vulnerability
SRPMS
- 7/core/python-cairosvg-2.2.1-1.1.mga7