Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5642-1] php-dompdf-svg-lib security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5642-1] php-dompdf-svg-lib security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5642-1] php-dompdf-svg-lib security update
  • Date: Wed, 20 Mar 2024 19:11:11 +0000
  • List-archive: https://lists.debian.org/msgid-search/Zfs0zwkJtuYlTNKg AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=7qf1jd67gXP6eh0VrUM5hLcQq1G//uSYZbhvvWZ7Jqc=; b=O8 IFTs165Nhlm2pwi5sMn8WDzjjOfVzEqq0W4VHp/rXbpzjvG6c5z0MCTwV0GhJb8RyRLfaGnHG2Aav 1AbzrBESZCuORNrWz3QiZeeAw7Zmn3aCv0UGnSLhiTO2M2rHCTSPMQK77PaPNGUgkpb2OfNWl/DAO OTza0KfU+BbwKQ6YF/DFsYjiMHsNmcPe/xWDxuV+uVLQ5XucnXN46EIzZjbydnDmhPGbIW/oB1PHP D27+dZAbu5FDLGvnkoRw+FSz4aziVdB28hTCjeO9MOipTuZU0cznrPzKoWa+6vM9WRalxJz/JFWpm AfCYy3qdpDkkdDHZpRXDNTU1/LeEj4aw==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Wed, 20 Mar 2024 19:11:38 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <TPzrn98iUfF.A.hXH.qTz-lB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5642-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : php-dompdf-svg-lib
CVE ID : CVE-2023-50251 CVE-2023-50252 CVE-2024-25117

Three security issues were discovered in php-svg-lib, a PHP library to
read, parse and export to PDF SVG files, which could result in denial
of service, restriction bypass or the execution of arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in
version 0.5.0-3+deb12u1.

We recommend that you upgrade your php-dompdf-svg-lib packages.

For the detailed security status of php-dompdf-svg-lib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-dompdf-svg-lib

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmX7NGEACgkQEMKTtsN8
TjYo5w/+Pg6R1qOP4p3GoBWg9kiHwZBLx/tkHW2FCGaKd4sDPboHvT73kzX3LEPn
5R+hBOGW07jB9VKn5icPte+UH/pTyl+5CKHG/4r8U8wNru83/mHqOmjsyneVBSMy
1wX8RLVYQ0vtm2AEF6a97bYydQC206YMnmoiaw90CWNib8k88Uvj3+OL+j8TcL7X
1F88/QU/dzHejJ3Qrto9ImOBYryemKIIt/BgRNJ9Dl1yaEgSs8CiYEMDmJ0Wg10m
pbH9MUIqmbGlrnJsfILMe0x9x9aut1QXxzFpyY9cEWgnM3khyZsdg2NAuak+VXoL
2OIFZKtgqZh8/1SvTMTzr3ayDB3zAACtZGa+ZCXA0FXeEekY9IOmEoIICRX70QOi
l9/F4RCPv45yaWSRBuG5nJcGogEfdpVEYURWDqs483PzVaQSE/rXCg4+xfaKG3f2
91h2rp9+tIj4Vrlbu6YDu7hYQARaa1b/SD3aM6iqfxO6c5c0gHgKJmZOjRg6N1Cl
xsSI+RhDJrw9N9YTZyzyunAV04gpdZVpOdqKH/YWI1NqB/VlpCvsOF0Hd7hh2T7R
i0yUR65f1zZIs3UfdJ3MiNMgnJdi05ZnOIvNWxN9ZzgAOSlyjIl6qRtRDikcUewu
bpBPzDuaLYPepVr60QIPHap7XNCohdRP0no5ows2pXgMzl3YCQU=
=OY4q
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5642-1] php-dompdf-svg-lib security update, Moritz Muehlenhoff, 20.03.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang