[Git][security-tracker-team/security-tracker][master] Reserve DLA-4199-1 for tcpdf

Santiago R.R. (@santiago) santiago at debian.org
Sat May 31 15:43:09 BST 2025



Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker


Commits:
35fa3872 by Santiago Ruano Rincón at 2025-05-31T11:42:54-03:00
Reserve DLA-4199-1 for tcpdf

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -106672,7 +106672,6 @@ CVE-2024-23579 (HCL DRYiCE Optibot Reset Station is impacted by insecure encrypt
 CVE-2024-22641 (TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Express ...)
 	- tcpdf 6.7.7+dfsg-1 (bug #1072528)
 	[bookworm] - tcpdf <no-dsa> (Minor issue)
-	[bullseye] - tcpdf <no-dsa> (Minor issue)
 	NOTE: https://github.com/tecnickcom/TCPDF/issues/724
 	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/17fe9597fb31d3d08c0f02a03338928ab8bcf0b5 (6.7.7)
 CVE-2024-21512 (Versions of the package mysql2 before 3.9.8 are vulnerable to Prototyp ...)
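
Review bot: removing `[bullseye] - tcpdf <no-dsa> (Minor issue)` under CVE-2024-22641 leaves this entry with no bullseye annotation of its own, so the bullseye status now rests on the DLA-4199-1 record in data/DLA/list. The upstream fix cited here is tagged (6.7.7) while the bullseye upload is 6.3.5+dfsg1-1+deb11u1, so confirm that commit 17fe9597 was backported into that upload before the marker is dropped.
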
@@ -124303,7 +124302,6 @@ CVE-2024-3505 (JFrog Artifactory Self-Hosted versions below 7.77.3, are vulnerab
 CVE-2024-32489 (TCPDF before 6.7.4 mishandles calls that use HTML syntax.)
 	- tcpdf 6.7.4+dfsg-1
 	[bookworm] - tcpdf <no-dsa> (Minor issue)
-	[bullseye] - tcpdf <no-dsa> (Minor issue)
 	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
 	NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262 (6.7.4)
 CVE-2024-32488 (In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalati ...)
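
Review bot: the CVE-2024-32489 entry lists two "Fixed by" commits (51cd1b39 and 82fc97bf), and only the second carries the (6.7.4) tag. Before the bullseye `<no-dsa>` line is removed, check that both were applied to the 6.3.5-based bullseye package; if only one was backported, a NOTE saying so would keep the entry accurate.
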
@@ -145624,7 +145622,6 @@ CVE-2024-22922 (An issue in Projectworlds Vistor Management Systemin PHP v.1.0 a
 CVE-2024-22640 (TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denia ...)
 	- tcpdf 6.7.5+dfsg-1
 	[bookworm] - tcpdf <no-dsa> (Minor issue)
-	[bullseye] - tcpdf <no-dsa> (Minor issue)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2276090
 	NOTE: https://github.com/zunak/CVE-2024-22640
 	NOTE: https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679 (6.7.5)
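
Review bot: style point on the last NOTE of the CVE-2024-22640 entry: the upstream commit 05f3a28f is recorded as a bare URL, whereas the other two tcpdf entries touched by this commit use the "Fixed by:" prefix. Since the entry is being edited anyway, consider changing it to `NOTE: Fixed by: https://github.com/tecnickcom/TCPDF/commit/05f3a28f... (6.7.5)` so the fix commit is identifiable in the same way across all three.
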


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[31 May 2025] DLA-4199-1 tcpdf - security update
+	{CVE-2024-22640 CVE-2024-22641 CVE-2024-32489 CVE-2024-56519 CVE-2024-56520 CVE-2024-56522 CVE-2024-56527}
+	[bullseye] - tcpdf 6.3.5+dfsg1-1+deb11u1
 [31 May 2025] DLA-4198-1 espeak-ng - security update
 	{CVE-2023-49990 CVE-2023-49991 CVE-2023-49992 CVE-2023-49993 CVE-2023-49994}
 	[bullseye] - espeak-ng 1.50+dfsg-7+deb11u2
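
Review bot: the added DLA-4199-1 line names seven CVEs, but the data/CVE/list hunks in this commit remove the bullseye `<no-dsa>` marker for only three of them (CVE-2024-22640, CVE-2024-22641, CVE-2024-32489). Check the entries for CVE-2024-56519, CVE-2024-56520, CVE-2024-56522 and CVE-2024-56527 for any bullseye annotation (such as `<no-dsa>` or `<postponed>`) that would contradict the fixed version 6.3.5+dfsg1-1+deb11u1, and remove it in the same commit if one is present.
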


=====================================
data/dla-needed.txt
=====================================
@@ -361,10 +361,6 @@ symfony (guilhem)
 systemd (charles)
   NOTE: 20250530: Added by Front-Desk (pochu)
 --
-tcpdf (santiago)
-  NOTE: 20241205: Added by Front-Desk (santiago)
-  NOTE: 20241230: https://lists.debian.org/debian-lts/2024/12/msg00057.html (bunk)
---
 trafficserver
   NOTE: 20241120: Added by Front-Desk (Beuc)
   NOTE: 20241120: Upcoming DSA (Beuc/front-desk)
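
Review bot: the removed tcpdf block takes the 20241230 NOTE with it, and with it the tracker's pointer to the debian-lts thread (2024/12/msg00057.html). If that thread raised points the upload does not cover, record them as NOTE lines on the relevant entries in data/CVE/list before dropping the block. The separator handling itself is fine: exactly one `--` remains between the systemd and trafficserver entries.
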



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/35fa3872d58e4b19b0b652321026eeaa326011af
