FEDORA-2024-7d6412477b — security update for php-tcpdf

stable

php-tcpdf-6.8.0-1.fc41

FEDORA-2024-7d6412477b created by remi 3 months ago for Fedora 41

Version 6.8.0 (2024-12-23)

Requires PHP 7.1+ and curl extension.
Escape error message.
Use strict time-constant function to compare TCPDF-tag hashes.
Add K_CURLOPTS config array to set custom cURL options (NOTE: some defaults have changed).
Add some addTTFfont fixes from tc-lib-pdf-font.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-7d6412477b

This update has been submitted for testing by remi.

3 months ago

This update's test gating status has been changed to 'ignored'.

3 months ago

remi edited this update.

3 months ago

This update has been pushed to testing.

3 months ago

This update has been submitted for stable by bodhi.

2 months ago

This update has been pushed to stable.

2 months ago

Please login to add feedback.

Metadata

Type

security

Severity

low

Karma

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

Stable by Time

7 days

Dates

submitted

3 months ago

in testing

3 months ago

in stable

2 months ago

modified

3 months ago

approved

2 months ago

Builds

php-tcpdf-6.8.0-1.fc41

BZ#2334296 CVE-2024-56522 php-tcpdf: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [fedora-41]

BZ#2334301 CVE-2024-56519 php-tcpdf: setSVGStyles does not sanitize the SVG font-family attribute [fedora-41]

BZ#2334304 CVE-2024-56521 php-tcpdf: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [fedora-41]

BZ#2334345 CVE-2024-56527 php-tcpdf: Error function lacks an htmlspecialchars call for the error message. [fedora-41]

php-tcpdf-6.8.0-1.fc41

Automated Test Results

ignored