Your message dated Thu, 12 Dec 2024 09:42:56 +0000
with message-id <[email protected]>
and subject line Bug#1088332: fixed in tcpdf 6.7.7+dfsg-1
has caused the Debian Bug report #1088332,
regarding tcpdf: CVE-2024-51058
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1088332: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088332
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tcpdf
Version: 6.7.5+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for tcpdf.
CVE-2024-51058[0]:
| Local File Inclusion (LFI) vulnerability has been discovered in
| TCPDF 6.7.5. This vulnerability enables a user to read arbitrary
| files from the server's file system through <img> src tag,
| potentially exposing sensitive information.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-51058
https://www.cve.org/CVERecord?id=CVE-2024-51058
[1]
https://github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tcpdf
Source-Version: 6.7.7+dfsg-1
Done: William Desportes <[email protected]>
We believe that the bug you reported is fixed in the latest version of
tcpdf, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
William Desportes <[email protected]> (supplier of updated tcpdf package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 12 Dec 2024 09:25:25 +0100
Source: tcpdf
Architecture: source
Version: 6.7.7+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: phpMyAdmin Team <[email protected]>
Changed-By: William Desportes <[email protected]>
Closes: 1072528 1088332
Changes:
tcpdf (6.7.7+dfsg-1) unstable; urgency=medium
.
* New upstream version 6.7.7+dfsg
- (CVE-2024-22641, CVE-2024-51058)
- (Closes: #1072528, Closes: #1088332)
* Bump Standards-Version to 4.7.0
Checksums-Sha1:
a8496d652f4ff44cdbb1cf56f34e4e0db37345ad 2086 tcpdf_6.7.7+dfsg-1.dsc
b0d7cf1dc0b8862661db3db50e2a964dda0caa14 8001456 tcpdf_6.7.7+dfsg.orig.tar.xz
4d700528d28df980da2d2d9fdc017f745f93e71d 10004 tcpdf_6.7.7+dfsg-1.debian.tar.xz
403e06104e0b33e9d47f7c7b96513a9821f13473 10060
tcpdf_6.7.7+dfsg-1_source.buildinfo
Checksums-Sha256:
7c0facd47014123f47157471ee6ba05719ad427ebe5d5f4d3dc8b5821f6d6ea8 2086
tcpdf_6.7.7+dfsg-1.dsc
dbc17684c4d8ad8f1572b660277b6f245f6de0e1dec7eaf83d2d39099f50f5e6 8001456
tcpdf_6.7.7+dfsg.orig.tar.xz
0ead3a13960146997b7e6720e95b449350303688a715241bd0ad4f935820ff74 10004
tcpdf_6.7.7+dfsg-1.debian.tar.xz
9818a2f2ca6ee7368f2951138ff3784090b35166a2412560ee80f61fdfdf01d5 10060
tcpdf_6.7.7+dfsg-1_source.buildinfo
Files:
f7c9d0131bc93f671adfbac911536a36 2086 php optional tcpdf_6.7.7+dfsg-1.dsc
e4e761593344d6910b46d463bc684d4a 8001456 php optional
tcpdf_6.7.7+dfsg.orig.tar.xz
50314d68bdbbcb9a233f5a46d0b69ebc 10004 php optional
tcpdf_6.7.7+dfsg-1.debian.tar.xz
df0288a62ffa38e51b40997d3c5e0eb5 10060 php optional
tcpdf_6.7.7+dfsg-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEExNkf3872tKPGU/14kKDvG4JRqIkFAmdaqN0ACgkQkKDvG4JR
qIm/7w/+KvycrmP1jSVoqhZfgdFE3HMDdJ/XmSmTZoQf0ZCf9yY3LcNmrSa0v9Ci
fIytxzt7iu92PvkW9znGM2+ktTNGitpB8tr79s/fq4kPLTO+WtlKAAEXD0CkxWUG
/l9DJEvlWcE4PR0tu5ba9IbkjGJCDdbaCX+g0MTVIDVFLQ5JLNhHnsKSO71PEAzX
fFfofyGPo6r8rY7CS5C2rxR0nqV+Vjd1aVqqgLwr51BssRIV2/n8JbyBuYkEZcPV
VPGR9f+gK9O+REnC2Cog8dezxB3bY4E4Mm+bqBwvz198LHEIl2McouQYBOrUFCdQ
/cCjDKML8KNagvwfoVgq2gIgS/q+eSX7HRxdDwo0XeyeLHe5wEoJRM2boKI/WCG6
bB0S2AhbkrYj9d2MqOcHQ3dP8b3gXlri2jZUfM1NfYtqwmANz9Oqf8kWta2ks3fS
g6zXJRazmTJT/juOzB/V4pzBEDCIfdxVnLfEoY+A2LwYmGnvSN0+JlQ1xQP9M6O3
l7f2r3TP9RLVzW0HCwyJ61Jsg8fD3hvMaGbanPit2GnzZmoUquTcx49zUOfs/V+t
gu8CK7yd3Q2JoMn8aRWfWWQH+y0EXKusDu7gPmqamYoEKWBVOtgsYQ9QgmS9OTl1
JGi1QOcdb1uL0sz+OkDIKb6bJDoFS0RQ4wNzpdP3jYagnHXul1o=
=XG1T
-----END PGP SIGNATURE-----
pgpWrNx0VfPvF.pgp
Description: PGP signature
--- End Message ---