[Git][security-tracker-team/security-tracker][master] Reserve DLA-4427-1 for php-dompdf

Abhijith PA (@abhijith) abhijith at debian.org
Tue Dec 30 08:14:45 GMT 2025



Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f0bc86fd by Abhijith PA at 2025-12-30T13:44:17+05:30
Reserve DLA-4427-1 for php-dompdf

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -326438,7 +326438,6 @@ CVE-2022-2401 (Unrestricted information disclosure of all users in Mattermost ve
 CVE-2022-2400 (External Control of File Name or Path in GitHub repository dompdf/domp ...)
 	{DLA-3495-1}
 	- php-dompdf 2.0.2+dfsg-1 (bug #1015874)
-	[bullseye] - php-dompdf <no-dsa> (Minor issue)
 	NOTE: https://huntr.dev/bounties/a6da5e5e-86be-499a-a3c3-2950f749202a
 	NOTE: https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a
 CVE-2022-2399 (Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allow ...)
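Review bot: The `{DLA-3495-1}` cross-reference line under CVE-2022-2400 is left unchanged, so once the `[bullseye] - php-dompdf <no-dsa>` line is dropped nothing in this entry points at DLA-4427-1. If that line is regenerated from data/DLA/list this is fine; otherwise it should become `{DLA-4427-1 DLA-3495-1}` so the entry does not read as untriaged for bullseye.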
@@ -384716,7 +384715,6 @@ CVE-2021-41770 (Ping Identity PingFederate before 10.3.1 mishandles pre-parsing
 CVE-2021-3838 (DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due  ...)
 	{DLA-3495-2 DLA-3495-1}
 	- php-dompdf 2.0.2+dfsg-1
-	[bullseye] - php-dompdf <no-dsa> (Minor issue)
 	NOTE: https://github.com/dompdf/dompdf/issues/2564
 	NOTE: https://huntr.dev/bounties/0bdddc12-ff67-4815-ab9f-6011a974f48e
 	NOTE: https://github.com/dompdf/dompdf/commit/99aeec1efec9213e87098d42eb09439e7ee0bb6a (v2.0.0)
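Review bot: The NOTE lines kept for CVE-2021-3838 tie the fix to upstream commit 99aeec1efec9213e87098d42eb09439e7ee0bb6a at v2.0.0, while the bullseye version recorded for this DLA is 0.6.2+dfsg-3.1+deb11u1, so the fix has to be a backport onto a much older code base. A NOTE here saying the commit was backported to 0.6.2 would let a later reader verify the bullseye status from the tracker alone.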


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[30 Dec 2025] DLA-4427-1 php-dompdf - security update
+	{CVE-2021-3838 CVE-2022-2400}
+	[bullseye] - php-dompdf 0.6.2+dfsg-3.1+deb11u1
 [30 Dec 2025] DLA-4426-1 osslsigncode - security update
 	{CVE-2023-36377}
 	[bullseye] - osslsigncode 2.5-4~deb11u1
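Review bot: In the added entry, `{CVE-2021-3838 CVE-2022-2400}` includes CVE-2021-3838, which data/CVE/list shows under both DLA-3495-1 and DLA-3495-2, so the earlier update for that CVE needed a second upload. Worth confirming that 0.6.2+dfsg-3.1+deb11u1 contains what DLA-3495-2 shipped, since the dla-needed.txt note removed in this commit says the work exists to avoid a regression from buster.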


=====================================
data/dla-needed.txt
=====================================
@@ -331,9 +331,6 @@ pgbouncer (ah)
   NOTE: 20251227: bullseye/LTS 1.15.0-1+deb11u2 uploaded for LTS (ah)
   NOTE: 20251227: Preseving this entry (despite LTS done) for SPU/OSPU tracking for now. (ah)
 --
-php-dompdf (abhijith)
-  NOTE: 20251206: Added by Front-Desk. Avoid a regression from buster (rouca)
---
 php-laravel-framework
   NOTE: 20250307: Added by Front-Desk (rouca)
   NOTE: 20251027: History of upstream branch fixing v12: git log 9de75259..2d133034^2.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f0bc86fd3ef1ddc308b7e23efa8d4dfedf676f86
