[Git][security-tracker-team/security-tracker][master] tcpdf DSA
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sun Jun 1 13:33:02 BST 2025
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7d01f580 by Moritz Mühlenhoff at 2025-06-01T14:27:59+02:00
tcpdf DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -106721,7 +106721,6 @@ CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure encrypt
CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Express ...)
{DLA-4199-1}
- tcpdf 6.7.7+dfsg-1 (bug #1072528)
- [bookworm] - tcpdf <no-dsa> (Minor issue)
NOTE: https://github.com/tecnickcom/TCPDF/issues/724
NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/17fe9597fb31d3d08c0f02a03338928ab8bcf0b5 (6.7.7)
CVE-2024-21512 (Versions of the package mysql2 before 3.9.8 are vulnerable to Prototyp ...)
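Review bot: the removed `[bookworm] - tcpdf <no-dsa> (Minor issue)` line under CVE-2024-22641 reverses an earlier triage decision, and the same line is dropped for CVE-2024-32489 and CVE-2024-22640 in the later hunks, yet the commit message "tcpdf DSA" gives no reason. A short body line saying that these entries are now covered by DSA-5933-1 would make the change easier to follow in the history of data/CVE/list.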
@@ -124352,7 +124351,6 @@ CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerab
CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
{DLA-4199-1}
- tcpdf 6.7.4+dfsg-1
- [bookworm] - tcpdf <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262 (6.7.4)
CVE-2024-32488 (In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalati ...)
@@ -145673,7 +145671,6 @@ CVE-2024-22922 (An issue in Projectworlds Vistor Management Systemin PHP v.1.0 a
CVE-2024-22640 (TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denia ...)
{DLA-4199-1}
- tcpdf 6.7.5+dfsg-1
- [bookworm] - tcpdf <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2276090
NOTE: https://github.com/zunak/CVE-2024-22640
NOTE: https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679 (6.7.5)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[01 Jun 2025] DSA-5933-1 tcpdf - security update
+ {CVE-2024-22640 CVE-2024-22641 CVE-2024-32489 CVE-2024-51058 CVE-2024-56519 CVE-2024-56520 CVE-2024-56522 CVE-2024-56527}
+ [bookworm] - tcpdf 6.6.2+dfsg1-1+deb12u1
[30 May 2025] DSA-5932-1 thunderbird - security update
{CVE-2025-4918 CVE-2025-4919 CVE-2025-5263 CVE-2025-5264 CVE-2025-5266 CVE-2025-5267 CVE-2025-5268 CVE-2025-5269 CVE-2025-5283}
[bookworm] - thunderbird 1:128.11.0esr-1~deb12u1
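Review bot: the CVE set on the new DSA-5933-1 entry names eight CVEs, but the data/CVE/list hunks in this commit only touch CVE-2024-22640, CVE-2024-22641 and CVE-2024-32489. It is worth confirming that CVE-2024-51058, CVE-2024-56519, CVE-2024-56520, CVE-2024-56522 and CVE-2024-56527 carry no leftover bookworm `<no-dsa>` or similar annotation that would contradict the `[bookworm] - tcpdf 6.6.2+dfsg1-1+deb12u1` fix recorded here.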
=====================================
data/dsa-needed.txt
=====================================
@@ -68,9 +68,6 @@ sogo
--
sympa
--
-tcpdf (jmm)
- Santiago is taking a look and reporting back on progress
---
tomcat10
--
webkit2gtk (berto)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7d01f580d84a77f4fde4eeecf8731f63127182e5