Trend Micro’s Zero Day Initiative hands out over $1m in awards for Pwn2Own competitors, who found more than 70 zero-day flaws
Daily Archives: October 28, 2024
AI-Powered BEC Scams Zero in on Manufacturers
Vipre research reveals that 10% of emails targeting the manufacturing sector are BEC attempts
php-tcpdf-6.7.7-1.fc41
FEDORA-2024-b00678c08a
Packages in this update:
php-tcpdf-6.7.7-1.fc41
Update description:
Version 6.7.7 (2024-10-26)
Update regular expression to avoid ReDoS (CVE-2024-22641)
[PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
SVG detection fix for inline data images #646
Fix count svg #647
Since the version 6.7.4, the “0” is considered like empty string and not displayed
Fixed handling of transparency in PDF/A mode in addExtGState method
Encrypt /DA string when document is encrypted
Improve quality of generated seed, avoid potential security pitfall
Try to use random_bytes() first if it’s available
Do not include the server parameters in the generated seed, as they might contain sensitive data
Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
Fix SVG coordinate parser that caused drawing artifacts
Remove usage of xml_set_object() function
php-tcpdf-6.7.7-1.fc40
FEDORA-2024-afeeca72ce
Packages in this update:
php-tcpdf-6.7.7-1.fc40
Update description:
Version 6.7.7 (2024-10-26)
Update regular expression to avoid ReDoS (CVE-2024-22641)
[PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
SVG detection fix for inline data images #646
Fix count svg #647
Since the version 6.7.4, the “0” is considered like empty string and not displayed
Fixed handling of transparency in PDF/A mode in addExtGState method
Encrypt /DA string when document is encrypted
Improve quality of generated seed, avoid potential security pitfall
Try to use random_bytes() first if it’s available
Do not include the server parameters in the generated seed, as they might contain sensitive data
Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
Fix SVG coordinate parser that caused drawing artifacts
Remove usage of xml_set_object() function
php-tcpdf-6.7.7-1.fc39
FEDORA-2024-0b2854c95b
Packages in this update:
php-tcpdf-6.7.7-1.fc39
Update description:
Version 6.7.7 (2024-10-26)
Update regular expression to avoid ReDoS (CVE-2024-22641)
[PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
SVG detection fix for inline data images #646
Fix count svg #647
Since the version 6.7.4, the “0” is considered like empty string and not displayed
Fixed handling of transparency in PDF/A mode in addExtGState method
Encrypt /DA string when document is encrypted
Improve quality of generated seed, avoid potential security pitfall
Try to use random_bytes() first if it’s available
Do not include the server parameters in the generated seed, as they might contain sensitive data
Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
Fix SVG coordinate parser that caused drawing artifacts
Remove usage of xml_set_object() function
Version 6.7.6 (2024-10-06)
Forbid access to parent folder in HTML images.
Version 6.7.5 (2024-04-20)
Update GitHub actions
fix: CSV-2024-22640 (#712)
Version 6.7.4 (2024-03-24)
Upgrade tcpdf tag encryption algorithm.
Fix regression issue #699.
Fix security issue.
[BREAKING CHANGE] The tcpdf HTML tag syntax has changed, see example_049.php.
New K_ALLOWED_TCPDF_TAGS configuration constant to set the allowed methods for the tcdpf HTML tag.
Raised minimum PHP version to PHP 5.5.0.
DSA-5799-1 chromium – security update
Security issues were discovered in Chromium which could result
in the execution of arbitrary code, denial of service, or information
disclosure.