Ubuntu Security Notice 6266-1 - Zac Sims discovered that librsvg incorrectly handled decoding URLs. A remote attacker could possibly use this issue to read arbitrary files by using an include element.
06773e26613c1f6604d2287ee6c54aa9a6a94e09a0c9341148dd41b01d3a1f80