{"id":"MGASA-2014-0004","summary":"Updated librsvg and gtk+3.0 packages fix security vulnerability","details":"librsvg before version 2.39.0 allows remote attackers to read arbitrary files\nvia an XML document containing an external entity declaration in conjunction\nwith an entity reference (CVE-2013-1881).\n\ngtk+3.0 has been patched to cope with the changes in SVG loading due to the\nfix in librsvg.\n","modified":"2026-04-16T06:24:26.401506737Z","published":"2014-01-06T01:08:20Z","upstream":["CVE-2013-1881"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0004.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=11853"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-updates/2013-11/msg00114.html"}],"affected":[{"package":{"name":"librsvg","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/librsvg?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.36.4-2.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0004.json"}},{"package":{"name":"gtk+3.0","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/gtk+3.0?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"gtk+3.0-3.6.4-1.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0004.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}