-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3158-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort October 24, 2022 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : wkhtmltopdf Version : 0.12.5-1+deb10u1 CVE ID : CVE-2020-21365 It was found that wkhtmltopdf, a command line utility to render HTML files into PDF, allowed local filesystem access by default. This update disables local filesystem access, but it can be enabled if necessary with the --enable-local-file-access or the --allow <path> options. For Debian 10 buster, this problem has been fixed in version 0.12.5-1+deb10u1. We recommend that you upgrade your wkhtmltopdf packages. For the detailed security status of wkhtmltopdf please refer to its security tracker page at: https://security-tracker.debian.org/tracker/wkhtmltopdf Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmNWvVUACgkQnUbEiOQ2 gwK0zBAAo3AOnIL8OuyZaMjFC89GzxxYC8pYLgg6y3rMW/uZxJO4Yhz96odofxJm v+GKCuPw5ND1rEgTQ1YKQJWE9FG2FHqFRJEA3sGodhqcJ+9DyMAukLg3igaFr24x numeDuUPDhDesyQoZspeqSOCLzKWEN1mCFJYUkVJdz1txlNqRLmTcWT5DxYMbnEq 45AkkYEqy4Asy+dTdhzAfXlSlpUY2tOvbMGe7mbPKdEuYKpMwcIODOLpzSfpbWbE gNnBAgeBdwwXXVC5voOyXtLuJb1wF7j8Kd8YBH35qDdK58UuWV7JhrOQt8ckFCHf ReZY28cKl+sg4LO/heXPDKj8Le9AhLgF65/el1dMD+gZtUKg6gWIZCj6eIwTuN6t xcfu91nTcDiTgpiND5scn6MrWzYYeT+Cu3O2FidNpYflqsBMfcb7LwTq/PCUzjyS UCmJ7KWYbYp+pESdZAPvZ/zbNlQMN3aliihLED57YagJIDOt3ghVSlhykyTVfRR/ 5CUOPnxtbvgZd8h/Z6v0WOmzthtvv45J8tsnG1ZN9ShT1Ed38WjTketwKosPKHs3 Tq4vwzdTv05xmzwwtNnDvQhgbVKBOVxDx13o1QvsnHynqk/+HO1s2wSa0zkwEkDq uB07wBv4bEzXuvm8xxOfykHrP9GVEtbjlBt5Jm7WiZdq/p8vsrE= =vMvQ -----END PGP SIGNATURE-----
