• [SECURITY] [DSA 5642-1] php-dompdf-svg-lib security update

    From Moritz Muehlenhoff@21:1/5 to All on Wed Mar 20 20:20:02 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5642-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff
    March 20, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : php-dompdf-svg-lib
    CVE ID : CVE-2023-50251 CVE-2023-50252 CVE-2024-25117

    Three security issues were discovered in php-svg-lib, a PHP library to
    read, parse and export to PDF SVG files, which could result in denial
    of service, restriction bypass or the execution of arbitrary code.

    For the stable distribution (bookworm), these problems have been fixed in version 0.5.0-3+deb12u1.

    We recommend that you upgrade your php-dompdf-svg-lib packages.

    For the detailed security status of php-dompdf-svg-lib please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/php-dompdf-svg-lib

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmX7NGEACgkQEMKTtsN8 TjYo5w/+Pg6R1qOP4p3GoBWg9kiHwZBLx/tkHW2FCGaKd4sDPboHvT73kzX3LEPn 5R+hBOGW07jB9VKn5icPte+UH/pTyl+5CKHG/4r8U8wNru83/mHqOmjsyneVBSMy 1wX8RLVYQ0vtm2AEF6a97bYydQC206YMnmoiaw90CWNib8k88Uvj3+OL+j8TcL7X 1F88/QU/dzHejJ3Qrto9ImOBYryemKIIt/BgRNJ9Dl1yaEgSs8CiYEMDmJ0Wg10m pbH9MUIqmbGlrnJsfILMe0x9x9aut1QXxzFpyY9cEWgnM3khyZsdg2NAuak+VXoL 2OIFZKtgqZh8/1SvTMTzr3ayDB3zAACtZGa+ZCXA0FXeEekY9IOmEoIICRX70QOi l9/F4RCPv45yaWSRBuG5nJcGogEfdpVEYURWDqs483PzVaQSE/rXCg4+xfaKG3f2 91h2rp9+tIj4Vrlbu6YDu7hYQARaa1b/SD3aM6iqfxO6c5c0gHgKJmZOjRg6N1Cl xsSI+RhDJrw9N9YTZyzyunAV04gpdZVpOdqKH/YWI1NqB/VlpCvsOF0Hd7hh2T7R i0yUR65f1zZIs3UfdJ3MiNMgnJdi05ZnOIvNWxN9ZzgAOSlyjIl6qRtRDikcUewu bpBPzDuaLYPepVr60QIPHap7XNCohdRP0no5ows2pXgMzl3YCQU=
    =OY4q
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)