-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 24 Mar 2016 22:07:34 +0100 Source: php-dompdf Binary: php-dompdf Architecture: source all Version: 0.6.1+dfsg-2+deb8u1 Distribution: jessie Urgency: medium Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org> Changed-By: Markus Frosch <lazyfrosch@debian.org> Description: php-dompdf - HTML to PDF converter Closes: 813849 Changes: php-dompdf (0.6.1+dfsg-2+deb8u1) jessie; urgency=medium . * [22610bd] Add 0.6.2 hotfix patch which bundles CVE hotfixes from the upstream release. (Closes: #813849) . This is a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation. In tandem with this release we have also posted a document to the wiki with advice for securing dompdf [1]. Please read the new document and take appropriate measures to protect your systems. . This update addresses the following announced vulnerabilities: . * CVE-2014-5011 - Information Disclosure * CVE-2014-5012 - Denial Of Service Vector * CVE-2014-5013 - Remote Code Execution (complement of CVE-2014-2383) Checksums-Sha1: 7c7c752f4d93d67e4e04e276f64816c63de520ab 1808 php-dompdf_0.6.1+dfsg-2+deb8u1.dsc ba09be261e509b17ddd1ffd3737be85dafa02638 21616 php-dompdf_0.6.1+dfsg-2+deb8u1.debian.tar.xz 35a4105c914adefdb1cf26cc5e809950be32a247 937090 php-dompdf_0.6.1+dfsg-2+deb8u1_all.deb Checksums-Sha256: 5bc3486f6f043775603e97e764b38f12a8efd7ab64350e32df6ca4b12254157c 1808 php-dompdf_0.6.1+dfsg-2+deb8u1.dsc d2783402fd3c811ef3c31ce82bbe9417f58de173c8021a404a1169caa4764f1d 21616 php-dompdf_0.6.1+dfsg-2+deb8u1.debian.tar.xz fd14cdc4e0132dfcae854e1a2e7685e9551c823b24f0af24a6624e3f04df8c11 937090 php-dompdf_0.6.1+dfsg-2+deb8u1_all.deb Files: 8fc644796189eee0e3a74ef2f82390ca 1808 php optional php-dompdf_0.6.1+dfsg-2+deb8u1.dsc 8684b4d3becf616e76e79bdc4ccd96b9 21616 php optional php-dompdf_0.6.1+dfsg-2+deb8u1.debian.tar.xz c46dff1126b0fb73a985dc5c698544d6 937090 php optional php-dompdf_0.6.1+dfsg-2+deb8u1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJW9FkbAAoJEPJhXZqrmHtuoAYH/2MescthhQ5quv0HncmRR1Pu 603Bz7JOl4Ah/IVG2HvE0TQLG9oVjEqqsKB29+uIuYvG8pnc6ys2PihaqXa6JNiE 8RcW+xkE4tvsI1JNnnWOsX2w6gGVz1NCgbP0LPBiq4n0LP3wZ+yEwZALjRtDQ4Dh 7dzUx/HgYiIxKh4tAsOY+Xl6Cb2thtk1LkaUfnTPvIplRCMXOSuVrGPeFdijoqPp CLDX1wQiIZO+ilNumYYoX4e63SaAjumhtJETFYAWp2L4ZBs9KAW+EN+AGBXYg7fq WdULC6gX2dQX+S9LYN+nqnr6HCGvnfO9jwLOcLyom5f05tTuZAgi/jAZfTV7Ztg= =QFnL -----END PGP SIGNATURE-----