[pkg-php-pear] Bug#813849: Multiple security issues
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 26 08:07:46 UTC 2016
Hi David,
On Fri, Feb 05, 2016 at 07:08:45PM -0400, David Pr??vot wrote:
> I???ve just noticed that php-dompdf upstream released ???a security-focused
> release that addresses a number of vulnerabilities that can expose your
> system to exploitation.???
> [CVE-2014-5011], [CVE-2014-5012] and [CVE-2014-5013] have been assigned
> to these issues, but I don???t have much input about them.
>
> I believe we should simply remove this leaf package from Jessie (along
> with php-font-lib that is only used by php-dompdf). I???ll follow up with
> an RM request if the security team agrees with that option.
Given there was no concern reaised about that I think you can go ahead
with the request for removal on the next Jessie point release.
Thanks for your work,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20160226/9bdf44a7/attachment-0001.sig>
More information about the pkg-php-pear
mailing list