-------------------------------------------------------------------------
Debian LTS Advisory DLA-3495-1              debian-...@lists.debian.org
https://www.debian.org/lts/security/                  Bastien Roucariès
July 13, 2023                               https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : php-dompdf
Version        : 0.6.2+dfsg-3+deb10u1
CVE ID         : CVE-2021-3838 CVE-2022-2400
Debian Bug     : #1015874

Multiple vulnerabilities were fixed in php-dompdf, a CSS 2.1 compliant
HTML to PDF converter, written in PHP.

CVE-2021-3838

    php-dompdf was vulnerable to deserialization of Untrusted Data
    using PHAR deserialization (phar://) as url for image.

CVE-2022-2400

    php-dompdf was vulnerable to External Control of File Name
    bypassing unallowed access verification.

For Debian 10 buster, these problems have been fixed in version
0.6.2+dfsg-3+deb10u1.

We recommend that you upgrade your php-dompdf packages.

For the detailed security status of php-dompdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-dompdf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
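
Added example (not part of the advisory, and not dompdf's code or its actual fix): a defence-in-depth pre-filter, in PHP, for image URLs taken from untrusted HTML before the document reaches a renderer. It covers both issue classes above by rejecting stream wrappers such as phar:// and local paths that resolve outside one directory. The function name, the allowed-scheme list and the base-directory policy are assumptions.

```php
<?php
// Added example: illustrative policy only, not the upstream or Debian patch.

const ALLOWED_SCHEMES = ['http', 'https']; // assumption: remote images over HTTP(S) only

/**
 * Return true when $url may be loaded as an image.
 * $baseDir is the single directory local files may be read from (assumption).
 */
function is_safe_image_url(string $url, string $baseDir): bool
{
    // Control characters (including NUL) have no place in a resource URL.
    if ($url === '' || preg_match('/[\x00-\x1f\x7f]/', $url)) {
        return false;
    }
    // Anything shaped like "scheme:" may select a PHP stream wrapper.
    // Compare case-insensitively so "PHAR://" is treated like "phar://".
    if (preg_match('/^([a-z][a-z0-9+.\-]*):/i', $url, $m)) {
        return in_array(strtolower($m[1]), ALLOWED_SCHEMES, true);
    }
    // No scheme: treat as a local path and confine it to $baseDir.
    $base = realpath($baseDir);
    if ($base === false) {
        return false;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $path = ($url[0] === DIRECTORY_SEPARATOR) ? $url : $base . $url;
    // realpath() resolves "..", "." and symlinks; false if the file is missing.
    $real = realpath($path);
    return $real !== false && strncmp($real, $base, strlen($base)) === 0;
}

// Constructed sample inputs; the script's own directory is the allowed base.
$samples = [
    'https://example.org/logo.png',
    'phar:///tmp/upload.jpg/x',
    'PHAR:///tmp/upload.jpg',
    'compress.zlib://phar:///tmp/upload.jpg',
    basename(__FILE__),
    '../../etc/passwd',
    '/etc/passwd',
];
foreach ($samples as $s) {
    printf("%-45s %s\n", $s, is_safe_image_url($s, __DIR__) ? 'allow' : 'reject');
}
```

The canonicalised path is compared rather than the raw string, so "../" sequences and symlinks cannot slip past the directory check.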