[pkg-php-pear] Bug#813849: Multiple security issues

David Prévot taffit at debian.org
Fri Feb 5 23:08:45 UTC 2016


Package: php-dompdf
Version: 0.6.1+dfsg-2
Severity: serious
Tags: security upstream

Hi,

I’ve just noticed that php-dompdf upstream released “a security-focused
release that addresses a number of vulnerabilities that can expose your
system to exploitation.”
[CVE-2014-5011], [CVE-2014-5012] and [CVE-2014-5013] have been assigned
to these issues, but I don’t have much input about them.

I believe we should simply remove this leaf package from Jessie (along
with php-font-lib that is only used by php-dompdf). I’ll follow up with
an RM request if the security team agrees with that option.

This bug will soon force the auto-removal of this package from testing,
and unless someone steps up to adopt it (#748604), we may also remove it
from unstable.

Regards

David