Bug#813849: Multiple security issues
Hey guys,

I'm planning to ITA php-dompdf and just had a look at the relevant diff for that package.

Will put it on review for stable release managers asap.

Until then, please wait with efforts to RM the package, I'm using it for packages in the Icinga environment, especially icingaweb2.

Cheers
Markus Frosch
--
mar...@lazyfrosch.de / lazyfro...@debian.org
http://www.lazyfrosch.de
Bug#813849: Multiple security issues
Hi David,

On Fri, Feb 05, 2016 at 07:08:45PM -0400, David Prévot wrote:
> I’ve just noticed that php-dompdf upstream released “a security-focused
> release that addresses a number of vulnerabilities that can expose your
> system to exploitation.”
> [CVE-2014-5011], [CVE-2014-5012] and [CVE-2014-5013] have been assigned
> to these issues, but I don’t have much input about them.
>
> I believe we should simply remove this leaf package from Jessie (along
> with php-font-lib that is only used by php-dompdf). I’ll follow up with
> an RM request if the security team agrees with that option.

Given there was no concern raised about that, I think you can go ahead with the request for removal on the next Jessie point release.

Thanks for your work,
Salvatore
Bug#813849: Multiple security issues
Package: php-dompdf
Version: 0.6.1+dfsg-2
Severity: serious
Tags: security upstream

Hi,

I’ve just noticed that php-dompdf upstream released “a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation.” [CVE-2014-5011], [CVE-2014-5012] and [CVE-2014-5013] have been assigned to these issues, but I don’t have much input about them.

I believe we should simply remove this leaf package from Jessie (along with php-font-lib that is only used by php-dompdf). I’ll follow up with an RM request if the security team agrees with that option.

This bug will soon force the auto-removal of this package from testing, and unless someone steps up to adopt it (#748604), we may also remove it from unstable.

Regards

David