librsvg: 2.40.9 -> 2.40.16 (security)

Fixes CVE-2015-7558 & CVE-2016-6163.

cc #18856

pkgs/development/libraries/librsvg/default.nix

@@ -6,11 +6,11 @@
 # no introspection by default, it's too big
 
 stdenv.mkDerivation rec {
-  name = "librsvg-2.40.9";
+  name = "librsvg-2.40.16";
 
   src = fetchurl {
     url    = "mirror://gnome/sources/librsvg/2.40/${name}.tar.xz";
-    sha256 = "0fplymmqqr28y24vcnb01szn62pfbqhk8p1ngns54x9m6mflr5hk";
+    sha256 = "0bpz6gsq8xi1pb5k9ax6vinph460v14znch3y5yz167s0dmwz2yl";
   };
 
   NIX_LDFLAGS = if stdenv.isDarwin then "-lintl" else null;