Package: php-tcpdf Version: 6.0.093+dfsg-1 Severity: serious Tags: security upstream
According to their changelog [1], upstream fixed a security issue over a year ago: 6.2.0 (2014-12-10) - Bug #1005 "Security Report, LFI posting internal files externally abusing default parameter" was fixed. 1: https://sourceforge.net/p/tcpdf/code/ci/master/tree/CHANGELOG.TXT The upstream bug report [2] is not public, so I don’t have much information about the issue, the fix, nor it’s actual severity. 2: https://sourceforge.net/p/tcpdf/bugs/1005/ Regards David
signature.asc
Description: PGP signature