Category Archives: Advisories

php-tcpdf-6.7.7-1.fc40

Read Time:46 Second

FEDORA-2024-afeeca72ce

Packages in this update:

php-tcpdf-6.7.7-1.fc40

Update description:

Version 6.7.7 (2024-10-26)

Update regular expression to avoid ReDoS (CVE-2024-22641)
[PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
SVG detection fix for inline data images #646
Fix count svg #647
Since the version 6.7.4, the “0” is considered like empty string and not displayed
Fixed handling of transparency in PDF/A mode in addExtGState method
Encrypt /DA string when document is encrypted
Improve quality of generated seed, avoid potential security pitfall
Try to use random_bytes() first if it’s available
Do not include the server parameters in the generated seed, as they might contain sensitive data
Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
Fix SVG coordinate parser that caused drawing artifacts
Remove usage of xml_set_object() function

Read More

php-tcpdf-6.7.7-1.fc39

Read Time:1 Minute, 12 Second

FEDORA-2024-0b2854c95b

Packages in this update:

php-tcpdf-6.7.7-1.fc39

Update description:

Version 6.7.7 (2024-10-26)

Update regular expression to avoid ReDoS (CVE-2024-22641)
[PHP 8.4] Fix: Curl CURLOPT_BINARYTRANSFER deprecated #675
SVG detection fix for inline data images #646
Fix count svg #647
Since the version 6.7.4, the “0” is considered like empty string and not displayed
Fixed handling of transparency in PDF/A mode in addExtGState method
Encrypt /DA string when document is encrypted
Improve quality of generated seed, avoid potential security pitfall
Try to use random_bytes() first if it’s available
Do not include the server parameters in the generated seed, as they might contain sensitive data
Fix bug on _getannotsrefs when there are empty signature appearances but not other annot on a page
Fix SVG coordinate parser that caused drawing artifacts
Remove usage of xml_set_object() function

Version 6.7.6 (2024-10-06)

Forbid access to parent folder in HTML images.

Version 6.7.5 (2024-04-20)

Update GitHub actions
fix: CSV-2024-22640 (#712)

Version 6.7.4 (2024-03-24)

Upgrade tcpdf tag encryption algorithm.
Fix regression issue #699.
Fix security issue.
[BREAKING CHANGE] The tcpdf HTML tag syntax has changed, see example_049.php.
New K_ALLOWED_TCPDF_TAGS configuration constant to set the allowed methods for the tcdpf HTML tag.
Raised minimum PHP version to PHP 5.5.0.

Read More

chromium-130.0.6723.69-1.fc39

Read Time:14 Second

FEDORA-2024-6a0e07c9c7

Packages in this update:

chromium-130.0.6723.69-1.fc39

Update description:

update to 130.0.6723.69

* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8

Read More

chromium-130.0.6723.69-1.el8

Read Time:14 Second

FEDORA-EPEL-2024-983c32d3fa

Packages in this update:

chromium-130.0.6723.69-1.el8

Update description:

update to 130.0.6723.69

* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8

Read More

chromium-130.0.6723.69-1.fc41

Read Time:14 Second

FEDORA-2024-1178c53bb1

Packages in this update:

chromium-130.0.6723.69-1.fc41

Update description:

update to 130.0.6723.69

* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8

Read More

chromium-130.0.6723.69-1.el9

Read Time:14 Second

FEDORA-EPEL-2024-db9e2d0206

Packages in this update:

chromium-130.0.6723.69-1.el9

Update description:

update to 130.0.6723.69

* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8

Read More

chromium-130.0.6723.69-1.fc40

Read Time:14 Second

FEDORA-2024-f1117faa03

Packages in this update:

chromium-130.0.6723.69-1.fc40

Update description:

update to 130.0.6723.69

* High CVE-2024-10229: Inappropriate implementation in Extensions
* High CVE-2024-10230: Type Confusion in V8
* High CVE-2024-10231: Type Confusion in V8

Read More