[SECURITY] [DSA 5642-1] php-dompdf-svg-lib security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5642-1] php-dompdf-svg-lib security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Wed, 20 Mar 2024 19:11:11 +0000
Message-id: <[🔎] Zfs0zwkJtuYlTNKg@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5642-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 20, 2024                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php-dompdf-svg-lib
CVE ID         : CVE-2023-50251 CVE-2023-50252 CVE-2024-25117

Three security issues were discovered in php-svg-lib, a PHP library to
read, parse and export to PDF SVG files, which could result in denial
of service, restriction bypass or the execution of arbitrary code.

For the stable distribution (bookworm), these problems have been fixed in
version 0.5.0-3+deb12u1.

We recommend that you upgrade your php-dompdf-svg-lib packages.

For the detailed security status of php-dompdf-svg-lib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-dompdf-svg-lib

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmX7NGEACgkQEMKTtsN8
TjYo5w/+Pg6R1qOP4p3GoBWg9kiHwZBLx/tkHW2FCGaKd4sDPboHvT73kzX3LEPn
5R+hBOGW07jB9VKn5icPte+UH/pTyl+5CKHG/4r8U8wNru83/mHqOmjsyneVBSMy
1wX8RLVYQ0vtm2AEF6a97bYydQC206YMnmoiaw90CWNib8k88Uvj3+OL+j8TcL7X
1F88/QU/dzHejJ3Qrto9ImOBYryemKIIt/BgRNJ9Dl1yaEgSs8CiYEMDmJ0Wg10m
pbH9MUIqmbGlrnJsfILMe0x9x9aut1QXxzFpyY9cEWgnM3khyZsdg2NAuak+VXoL
2OIFZKtgqZh8/1SvTMTzr3ayDB3zAACtZGa+ZCXA0FXeEekY9IOmEoIICRX70QOi
l9/F4RCPv45yaWSRBuG5nJcGogEfdpVEYURWDqs483PzVaQSE/rXCg4+xfaKG3f2
91h2rp9+tIj4Vrlbu6YDu7hYQARaa1b/SD3aM6iqfxO6c5c0gHgKJmZOjRg6N1Cl
xsSI+RhDJrw9N9YTZyzyunAV04gpdZVpOdqKH/YWI1NqB/VlpCvsOF0Hd7hh2T7R
i0yUR65f1zZIs3UfdJ3MiNMgnJdi05ZnOIvNWxN9ZzgAOSlyjIl6qRtRDikcUewu
bpBPzDuaLYPepVr60QIPHap7XNCohdRP0no5ows2pXgMzl3YCQU=
=OY4q
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5641-1] fontforge security update
Next by Date: [SECURITY] [DSA 5626-2] pdns-recursor regression update
Previous by thread: [SECURITY] [DSA 5641-1] fontforge security update
Next by thread: [SECURITY] [DSA 5626-2] pdns-recursor regression update
Index(es):
- Date
- Thread