Post Content
Category Archives: Advisories
DSA-5800-1 xorg-server – security update
Jan-Niklas Sohn discovered that a heap-based buffer overflow in the
_XkbSetCompatMap function in the X Keyboard Extension of the X.org X
server may result in privilege escalation if the X server is running
privileged.
syncthing-1.28.0-1.fc41
FEDORA-2024-aa6e72c713
Packages in this update:
syncthing-1.28.0-1.fc41
Update description:
Update to version 1.28.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0
syncthing-1.28.0-1.el9
FEDORA-EPEL-2024-6caeb5a95f
Packages in this update:
syncthing-1.28.0-1.el9
Update description:
Update to version 1.28.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0
syncthing-1.28.0-1.fc40
FEDORA-2024-4d24786142
Packages in this update:
syncthing-1.28.0-1.fc40
Update description:
Update to version 1.28.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0
syncthing-1.28.0-1.fc39
FEDORA-2024-4fc7cdc194
Packages in this update:
syncthing-1.28.0-1.fc39
Update description:
Update to version 1.28.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0
syncthing-1.28.0-1.el8
FEDORA-EPEL-2024-01e6624836
Packages in this update:
syncthing-1.28.0-1.el8
Update description:
Update to version 1.28.0.
Release notes: https://github.com/syncthing/syncthing/releases/tag/v1.28.0
php-tcpdf-6.7.7-1.fc41
FEDORA-2024-b00678c08a
Packages in this update:
php-tcpdf-6.7.7-1.fc41
Update description:
Version 6.7.7 (2024-10-26)
Update regular expression to avoid ReDoS (CVE-2024-22641)
[PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
SVG detection fix for inline data images #646
Fix count svg #647
Since the version 6.7.4, the “0” is considered like empty string and not displayed
Fixed handling of transparency in PDF/A mode in addExtGState method
Encrypt /DA string when document is encrypted
Improve quality of generated seed, avoid potential security pitfall
Try to use random_bytes() first if it’s available
Do not include the server parameters in the generated seed, as they might contain sensitive data
Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
Fix SVG coordinate parser that caused drawing artifacts
Remove usage of xml_set_object() function
php-tcpdf-6.7.7-1.fc40
FEDORA-2024-afeeca72ce
Packages in this update:
php-tcpdf-6.7.7-1.fc40
Update description:
Version 6.7.7 (2024-10-26)
Update regular expression to avoid ReDoS (CVE-2024-22641)
[PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
SVG detection fix for inline data images #646
Fix count svg #647
Since the version 6.7.4, the “0” is considered like empty string and not displayed
Fixed handling of transparency in PDF/A mode in addExtGState method
Encrypt /DA string when document is encrypted
Improve quality of generated seed, avoid potential security pitfall
Try to use random_bytes() first if it’s available
Do not include the server parameters in the generated seed, as they might contain sensitive data
Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
Fix SVG coordinate parser that caused drawing artifacts
Remove usage of xml_set_object() function
php-tcpdf-6.7.7-1.fc39
FEDORA-2024-0b2854c95b
Packages in this update:
php-tcpdf-6.7.7-1.fc39
Update description:
Version 6.7.7 (2024-10-26)
Update regular expression to avoid ReDoS (CVE-2024-22641)
[PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
SVG detection fix for inline data images #646
Fix count svg #647
Since the version 6.7.4, the “0” is considered like empty string and not displayed
Fixed handling of transparency in PDF/A mode in addExtGState method
Encrypt /DA string when document is encrypted
Improve quality of generated seed, avoid potential security pitfall
Try to use random_bytes() first if it’s available
Do not include the server parameters in the generated seed, as they might contain sensitive data
Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
Fix SVG coordinate parser that caused drawing artifacts
Remove usage of xml_set_object() function
Version 6.7.6 (2024-10-06)
Forbid access to parent folder in HTML images.
Version 6.7.5 (2024-04-20)
Update GitHub actions
fix: CSV-2024-22640 (#712)
Version 6.7.4 (2024-03-24)
Upgrade tcpdf tag encryption algorithm.
Fix regression issue #699.
Fix security issue.
[BREAKING CHANGE] The tcpdf HTML tag syntax has changed, see example_049.php.
New K_ALLOWED_TCPDF_TAGS configuration constant to set the allowed methods for the tcdpf HTML tag.
Raised minimum PHP version to PHP 5.5.0.