-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 07 Mar 2024 00:10:13 +0100 Source: php-dompdf-svg-lib Architecture: source Version: 0.5.0-3+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org> Changed-By: William Desportes <williamdes@wdes.fr> Changes: php-dompdf-svg-lib (0.5.0-3+deb12u1) bookworm-security; urgency=medium . * Add patches for phar:// url validations - CVE-2023-50251 and CVE-2023-50252 (#1058641) - CVE-2024-25117 (#1064781) * Add a patch for infinite recursion vulnerability - CVE-2023-50251 (#1058641) Checksums-Sha1: 8995ca3c0aaaa40e13da1c1bd1b638c65ce7858c 2227 php-dompdf-svg-lib_0.5.0-3+deb12u1.dsc 2d637633c34a40f233aa53521e9b8caf38764a7c 56500 php-dompdf-svg-lib_0.5.0.orig.tar.xz 0d65587b683ee22c016d598b571817f536ee7c09 4804 php-dompdf-svg-lib_0.5.0-3+deb12u1.debian.tar.xz 80c1463c928b788d507f74f4bff30910ac9618b5 7544 php-dompdf-svg-lib_0.5.0-3+deb12u1_source.buildinfo Checksums-Sha256: b54c77a607747569f915cbd1a5bd06e4bd8527381d56db3a6fdea9c6b9c47561 2227 php-dompdf-svg-lib_0.5.0-3+deb12u1.dsc 4203cfb9334a8ad13994a66e0047d1308f917541287f1ccb09ee301aeeb6fc0d 56500 php-dompdf-svg-lib_0.5.0.orig.tar.xz ca59056e2074a0ebdcb65ac6079454f7465561d3eb1825773848a0ac4f066184 4804 php-dompdf-svg-lib_0.5.0-3+deb12u1.debian.tar.xz a017843cc674fcf40e7aabe58b8f3848295ca801cf1aaec230613bd57ddcecf0 7544 php-dompdf-svg-lib_0.5.0-3+deb12u1_source.buildinfo Files: 0d2d190a0428609b7c4f821d3fc72b8f 2227 php optional php-dompdf-svg-lib_0.5.0-3+deb12u1.dsc 434724913bb8ec337f7ff269c857b21b 56500 php optional php-dompdf-svg-lib_0.5.0.orig.tar.xz ebe9d444d9052d6579e897c5b65e8fa3 4804 php optional php-dompdf-svg-lib_0.5.0-3+deb12u1.debian.tar.xz 08c5cc2d75a4a2d44abcf36bd3c10d5e 7544 php optional php-dompdf-svg-lib_0.5.0-3+deb12u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmX0VywACgkQEMKTtsN8 TjbiYxAArKCNA2WdRRNdeJi4KCngugH9wzpw/TmiGe3u5/7DBBdPoSFCcQKdKo12 UzQLOZd5SImWZTXAz7kZeTZ9SX5pXLDX8y6ZGHHfNjXnSDOr6E6mSOkZbvBhi1Xf sVs1NyBcs/Y4vayqfPyJ2LlohRqpvarZGRDhlPBLxLbBK+l1i2dDbmfh2/f/SwIb G5ZKfg7stuGdCeQ5AdrENR73sPDFP6C+JaevYtPJjafqwnPssI0s5n4AJCRTyC/a sqleOlhbWFv+Kwym7GBAPhLQmjQ6j/6GC5CoSBLlb1uIMT8hoQEXbkHjZGXYpRSk 2mH8R8VRGKtTS6LNMGU6n2xlye1zeeMPxKgZOwlOnIrXFYIMTegb9L9h7R6OUWGP Q5LK+CGwjlCfBAV/uS1yLa2O0ZWEWxxsFZsbhj7rWSRleTxjjWK/bzYhMnViClQ5 Ygum7P0RpHOZJJwNd2vHtBbenMY+CRe7qfXDmKFsxt2ILPlvJYS3M8yK1lBRbEV7 l5Sc3uevPpHu5m/4uxjCSoztrZ1P6BBAeeXZI8TmawBqdf92OErtflHeg7yaDUzB dEd57Kp+G+9DyIaUkdUHFaNgE7a5Fe7KqE9JTyFXRJhDqyFcX3iYVfJRVni9wZqc qUkhEFZRfUz8gP6xWACO/EgLuohzBgGo+moJODVB5lgINPWv4CY= =wPPx -----END PGP SIGNATURE-----