Hi David, On Fri, Feb 05, 2016 at 07:08:45PM -0400, David Pr??vot wrote: > I???ve just noticed that php-dompdf upstream released ???a security-focused > release that addresses a number of vulnerabilities that can expose your > system to exploitation.??? > [CVE-2014-5011], [CVE-2014-5012] and [CVE-2014-5013] have been assigned > to these issues, but I don???t have much input about them. > > I believe we should simply remove this leaf package from Jessie (along > with php-font-lib that is only used by php-dompdf). I???ll follow up with > an RM request if the security team agrees with that option.
Given there was no concern reaised about that I think you can go ahead with the request for removal on the next Jessie point release. Thanks for your work, Salvatore
signature.asc
Description: PGP signature