openSUSE: Security Advisory for python-CairoSVG, (openSUSE-SU-2021:1134-1)

Information

Severity

High

Family

SuSE Local Security Checks

CVSSv2 Base

7.5

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

2 years ago

Modified

2 years ago

Summary

The remote host is missing an update for the 'python-CairoSVG, ' package(s) announced via the openSUSE-SU-2021:1134-1 advisory.

Insight

This update for python-CairoSVG, python-Pillow fixes the following issues:

Update to version 2.5.1.

* Security fix: When processing SVG files, CairoSVG was using two regular expressions which are vulnerable to Regular Expression Denial of Service (REDoS). If an attacker provided a malicious SVG, it could make CairoSVG get stuck processing the file for a very long time.
* Fix marker positions for unclosed paths
* Follow hint when only output_width or output_height is set
* Handle opacity on raster images
* Don't crash when use tags reference unknown tags
* Take care of the next letter when A/a is replaced by l
* Fix misalignment in node.vertices

Updates for version 2.5.0.

* Drop support of Python 3.5, add support of Python 3.9.
* Add EPS export
* Add background-color, negate-colors, and invert-images options
* Improve support for font weights
* Fix opacity of patterns and gradients
* Support auto-start-reverse value for orient
* Draw images contained in defs
* Add Exif transposition support
* Handle dominant-baseline
* Support transform-origin

python-Pillow update to version 8.3.1:

* Catch OSError when checking if fp is sys.stdout #5585 [radarhere]
* Handle removing orientation from alternate types of EXIF data #5584 [radarhere]
* Make Image.__array__ take optional dtype argument #5572 [t-vi, radarhere]
* Use snprintf instead of sprintf. CVE-2021-34552 #5567 [radarhere]
* Limit TIFF strip size when saving with LibTIFF #5514 [kmilos]
* Allow ICNS save on all operating systems #4526 [baletu, radarhere, newpanjing, hugovk]
* De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989 [gofr, radarhere]
* Replaced xml.etree.ElementTree #5565 [radarhere]
* Moved CVE image to pillow-depends #5561 [radarhere]
* Added tag data for IFD groups #5554 [radarhere]
* Improved ImagePalette #5552 [radarhere]
* Add DDS saving #5402 [radarhere]
* Improved getxmp() #5455 [radarhere]
* Convert to float for comparison with float in IFDRational __eq__ #5412 [radarhere]
* Allow getexif() to access TIFF tag_v2 data #5416 [radarhere]
* Read FITS image mode and size #5405 [radarhere]
* Merge parallel horizontal edges in ImagingDrawPolygon #5347 [radarhere, hrdrq]
* Use transparency behind first GIF frame and when disposing to background #5557 [radarhere, zewt]
* Avoid unstable nature of qsort in Quant.c #5367 [radarhe ...

Description truncated. Please see the references for more information.

Affected Software

'python-CairoSVG, ' package(s) on openSUSE Leap 15.2.

Detection Method

Checks if a vulnerable package version is present on the target host.

Solution

Please install the updated package(s).