Package: php-tcpdf Version: 6.0.093+dfsg-1 Severity: serious Tags: security upstream
According to their changelog [1], upstream fixed a security issue over a
year ago:
6.2.0 (2014-12-10)
- Bug #1005 "Security Report, LFI posting internal files externally
abusing default parameter" was fixed.
1: https://sourceforge.net/p/tcpdf/code/ci/master/tree/CHANGELOG.TXT
The upstream bug report [2] is not public, so I don’t have much
information about the issue, the fix, nor it’s actual severity.
2: https://sourceforge.net/p/tcpdf/bugs/1005/
Regards
David
signature.asc
Description: PGP signature
