• Accepted tcpdf 6.6.2+dfsg1-1+deb12u1 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Tue Jun 3 20:10:01 2025
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Thu, 29 May 2025 13:17:39 -0300
    Source: tcpdf
    Architecture: source
    Version: 6.6.2+dfsg1-1+deb12u1
    Distribution: bookworm-security
    Urgency: medium
    Maintainer: phpMyAdmin Team <team+phpmyadmin@tracker.debian.org>
    Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
    Changes:
    tcpdf (6.6.2+dfsg1-1+deb12u1) bookworm-security; urgency=medium
    .
    * Exclude quilt managed directory .pc/ from phpab in debian/rules
    * Explicitly specify RELEASE: bookworm in d/gitlab-ci.yml
    * Fix CVE-2024-22640: ReDoS (Regular Expression Denial of Service) if
      parsing an untrusted HTML page with a crafted color
    * Fix CVE-2024-22641: ReDoS (Regular Expression Denial of Service) if
      parsing an untrusted SVG file
    * Fix CVE-2024-32489: tcpdf mishandles calls that use HTML syntax
    * Fix CVE-2024-51058: Local File Inclusion (LFI) vulnerability through <img>
      src tag
    * Fix CVE-2024-56519: setSVGStyles does not sanitize the SVG font-family
      attribute
    * Fix CVE-2024-56520: tcpdf, through its use of tc-lib-pdf-font, mishandles
      fonts like FontBBox for Type 1 and incorrectly parses TrueType fonts
    * Fix CVE-2024-56522: unserializeTCPDFtag doesn't make use of constant-time
      function to compare TCPDF tag hashes
    * Fix CVE-2024-56527: the Error function lacks an htmlspecialchars call for
      the error message
    * Update git branch in the VCS-Git d/control field

    -----BEGIN PGP SIGNATURE-----

    iIwEARYKADQWIQR+lHTq7mkJOyB6t2Un3j1FEEiG7wUCaDiVIRYcc2FudGlhZ29y ckByaXNldXAubmV0AAoJECfePUUQSIbv81gBAJEeUuTNqfSbKQgfRv19jPAtuluH AuMu1vXYiv7sKTg/AP4gFmSK+MsC6c+z4Wz4oEgFp+H9B/WcMTSdWZv7l9eqAg==
    =KWEY
    -----END PGP SIGNATURE-----



    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)