Package: php-dompdf
Version: 0.6.1+dfsg-2
Severity: serious
Tags: security upstream

Hi,

I’ve just noticed that php-dompdf upstream released “a security-focused release that addresses a number of vulnerabilities that can expose your system to exploitation.” [CVE-2014-5011], [CVE-2014-5012] and [CVE-2014-5013] have been assigned to these issues, but I don’t have much input about them.

I believe we should simply remove this leaf package from Jessie (along with php-font-lib that is only used by php-dompdf). I’ll follow up with an RM request if the security team agrees with that option.

This bug will soon force the auto-removal of this package from testing, and unless someone steps up to adopt it (#748604), we may also remove it from unstable.

Regards

David
_______________________________________________
Secure-testing-team mailing list
Secure-testing-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team