The individual CVE pages say Inkscape 0.19, do they mean 0.91?
On Thu, May 19, 2022 at 12:24 PM Thomas Leroy tleroy@suse.de wrote:
Hi there,
As you may know, 3 CVEs [0] [1] [2] have been assigned to Inkscape, but there are a very few information available. The 3 CVE pages redirect to the same CISA page [3], mentioning Inkscape version 1.0 or later as fixed. Could you please confirm this information? Moreover, in the case of backporting patches is preferred instead of upgrading, could you please point me to the fixing commits? That would be very awesome.:)
Best regards,
Thomas
[0]https://nvd.nist.gov/vuln/detail/CVE-2021-42700 [1]https://nvd.nist.gov/vuln/detail/CVE-2021-42702 [2]https://nvd.nist.gov/vuln/detail/CVE-2021-42704 [3]https://www.cisa.gov/uscert/ics/advisories/icsa-22-132-03
-- Thomas Leroy Security engineer SUSE Software Solutions _______________________________________________ Inkscape Devel mailing list -- inkscape-devel@lists.inkscape.org To unsubscribe send an email to inkscape-devel-leave@lists.inkscape.org