Home / mailings [SECURITY] [DSA 5642-1] php-dompdf-svg-lib security update
Posted on 20 March 2024
Debian Security Advisory- -------------------------------------------------------------------------
Debian Security Advisory DSA-5642-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 20, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : php-dompdf-svg-lib
CVE ID : CVE-2023-50251 CVE-2023-50252 CVE-2024-25117
Three security issues were discovered in php-svg-lib, a PHP library to
read, parse and export to PDF SVG files, which could result in denial
of service, restriction bypass or the execution of arbitrary code.
For the stable distribution (bookworm), these problems have been fixed in
version 0.5.0-3+deb12u1.
We recommend that you upgrade your php-dompdf-svg-lib packages.
For the detailed security status of php-dompdf-svg-lib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-dompdf-svg-lib
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org