The individual CVE pages say Inkscape 0.19, do they mean 0.91?
On Thu, May 19, 2022 at 12:24 PM Thomas Leroy <tleroy@suse.de> wrote:
Hi there,
As you may know, 3 CVEs [0] [1] [2] have been assigned to Inkscape, but there
are a very few information available.
The 3 CVE pages redirect to the same CISA page [3], mentioning Inkscape version
1.0 or later as fixed. Could you please confirm this information?
Moreover, in the case of backporting patches is preferred instead of upgrading,
could you please point me to the fixing commits? That would be very awesome.:)
Best regards,
Thomas
[0]https://nvd.nist.gov/vuln/detail/CVE-2021-42700
[1]https://nvd.nist.gov/vuln/detail/CVE-2021-42702
[2]https://nvd.nist.gov/vuln/detail/CVE-2021-42704
[3]https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
--
Thomas Leroy
Security engineer
SUSE Software Solutions
_______________________________________________
Inkscape Devel mailing list -- inkscape-devel@lists.inkscape.org
To unsubscribe send an email to inkscape-devel-leave@lists.inkscape.org
-- Thomas Leroy Security engineer SUSE Software Solutions