[pkg-php-pear] Bug#1015874: php-dompdf: CVE-2022-2400

Moritz Mühlenhoff jmm at inutil.org
Fri Jul 22 21:55:28 BST 2022

Source: php-dompdf
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security


The following vulnerability was published for php-dompdf.

| External Control of File Name or Path in GitHub repository
| dompdf/dompdf prior to 2.0.0.


The isolated patch is
but if php-dompdf is to be included in Bookworm, it should really
be updated to 2.0.0, otherwise the current version will be over
seven years old when Bookworm gets released.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2400

Please adjust the affected versions in the BTS as needed.
