Hello community, here is the log from the commit of package librsvg for openSUSE:Factory checked in at 2013-09-16 10:05:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/librsvg (Old) and /work/SRC/openSUSE:Factory/.librsvg.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "librsvg" Changes: -------- --- /work/SRC/openSUSE:Factory/librsvg/librsvg.changes 2013-08-22 09:23:05.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.librsvg.new/librsvg.changes 2013-09-16 10:05:34.000000000 +0200 @@ -1,0 +2,8 @@ +Sat Sep 14 15:51:00 UTC 2013 - dimstar@opensuse.org + +- Update to version 2.39.0: + + Don't load resources from the net (bgo#691708, CVE-2013-1881). +- The restrictiveness is being correctly addressed by GTK+ 3.9.11; + we prefer to have the more secure librsvg variant in 13.1. + +------------------------------------------------------------------- Old: ---- librsvg-2.37.0.tar.xz New: ---- librsvg-2.39.0.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ librsvg.spec ++++++ --- /var/tmp/diff_new_pack.CmEwAP/_old 2013-09-16 10:05:34.000000000 +0200 +++ /var/tmp/diff_new_pack.CmEwAP/_new 2013-09-16 10:05:34.000000000 +0200 @@ -17,13 +17,13 @@ Name: librsvg -Version: 2.37.0 +Version: 2.39.0 Release: 0 Summary: A Library for Rendering SVG Data License: LGPL-2.0+ and GPL-2.0+ Group: System/Libraries Url: http://librsvg.sourceforge.net/ -Source: http://download.gnome.org/sources/librsvg/2.37/%{name}-%{version}.tar.xz +Source: http://download.gnome.org/sources/librsvg/2.39/%{name}-%{version}.tar.xz Source99: baselibs.conf BuildRequires: gobject-introspection-devel BuildRequires: vala ++++++ librsvg-2.37.0.tar.xz -> librsvg-2.39.0.tar.xz ++++++ ++++ 27122 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org