Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0bc86fd by Abhijith PA at 2025-12-30T13:44:17+05:30
Reserve DLA-4427-1 for php-dompdf

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -326438,7 +326438,6 @@ CVE-2022-2401 (Unrestricted information disclosure of 
all users in Mattermost ve
 CVE-2022-2400 (External Control of File Name or Path in GitHub repository 
dompdf/domp ...)
        {DLA-3495-1}
        - php-dompdf 2.0.2+dfsg-1 (bug #1015874)
-       [bullseye] - php-dompdf <no-dsa> (Minor issue)
        NOTE: https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a
        NOTE: 
https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a
 CVE-2022-2399 (Use after free in WebGPU in Google Chrome prior to 
100.0.4896.88 allow ...)
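Review bot: With the `[bullseye] - php-dompdf <no-dsa> (Minor issue)` line gone, the brace line for CVE-2022-2400 still reads `{DLA-3495-1}` only, although the new DLA-4427-1 entry in data/DLA/list names this CVE. If the cross-reference is left to the tracker's automatic list update, that is fine; otherwise add DLA-4427-1 to the braces so the entry and the advisory list agree.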
@@ -384716,7 +384715,6 @@ CVE-2021-41770 (Ping Identity PingFederate before 
10.3.1 mishandles pre-parsing
 CVE-2021-3838 (DomPDF before version 2.0.0 is vulnerable to PHAR 
deserialization due  ...)
        {DLA-3495-2 DLA-3495-1}
        - php-dompdf 2.0.2+dfsg-1
-       [bullseye] - php-dompdf <no-dsa> (Minor issue)
        NOTE: https://github.com/dompdf/dompdf/issues/2564
        NOTE: https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e
        NOTE: 
https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a
 (v2.0.0)
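Review bot: After dropping the `<no-dsa>` line, nothing in the CVE-2021-3838 entry says how bullseye was fixed. The description says "before version 2.0.0", the fix commit is tagged (v2.0.0), and the only fixed version listed is 2.0.2+dfsg-1, while the DLA/list hunk fixes bullseye at 0.6.2+dfsg-3.1+deb11u1. A short NOTE that the bullseye fix is a backport to the 0.6.2 series would save the next reader from having to work that out from the other file.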


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Dec 2025] DLA-4427-1 php-dompdf - security update
+       {CVE-2021-3838 CVE-2022-2400}
+       [bullseye] - php-dompdf 0.6.2+dfsg-3.1+deb11u1
 [30 Dec 2025] DLA-4426-1 osslsigncode - security update
        {CVE-2023-36377}
        [bullseye] - osslsigncode 2.5-4~deb11u1
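Review bot: The `[bullseye] - php-dompdf 0.6.2+dfsg-3.1+deb11u1` line is what the tracker uses to mark bullseye as fixed, so confirm the string matches the uploaded version exactly (including the `+deb11u1` suffix) before the advisory goes out. The CVE set `{CVE-2021-3838 CVE-2022-2400}` does match the two entries edited in data/CVE/list, and the commit message says "Reserve", so the upload and announcement presumably follow this commit.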


=====================================
data/dla-needed.txt
=====================================
@@ -331,9 +331,6 @@ pgbouncer (ah)
   NOTE: 20251227: bullseye/LTS 1.15.0-1+deb11u2 uploaded for LTS (ah)
   NOTE: 20251227: Preseving this entry (despite LTS done) for SPU/OSPU 
tracking for now. (ah)
 --
-php-dompdf (abhijith)
-  NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
---
 php-laravel-framework
   NOTE: 20250307: Added by Front-Desk (rouca)
   NOTE: 20251027: History of upstream branch fixing v12: git log 
9de75259..2d133034^2.
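Review bot: The removed entry was added to "Avoid a regression from buster", so the removal is only justified if DLA-4427-1 covers everything buster's DLA-3495 fixed. The two CVEs visible in this commit both carry DLA-3495 references and are both in the new DLA, but this diff cannot show whether DLA-3495-1 or DLA-3495-2 covered any further CVEs; worth a quick check before closing the item. The separator handling is correct: one `--` remains between pgbouncer and php-laravel-framework.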



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0bc86fd3ef1ddc308b7e23efa8d4dfedf676f86
