| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| Replace-sabberworm-php-css-parser-by-php-horde-css-parser.patch | Replace sabberworm/php-css-parser by php-horde-css-parser Because they embed the sources for sabberworm/php-css-parser into php-horde-css-parser |
William Desportes <williamdes@wdes.fr> | not-needed | vendor | 2023-02-02 | |
| Fix-CVE-2023-50251-CVE-2023-50252.patch | Add basic protection against PHAR deserialization This also includes an option to disable external file references. This applies to images and fonts. External file references are allowed by default, but future version will disallow by default. |
Brian Sweeney <bsweeney@aaas.org> | no | debian | upstream | 2023-12-01 |
| Fix-CVE-2024-25117.patch | Update resource validation logic The previous logic did not validate the font-family when set by attribute. To accommodate style validation across all sources the Style class now accepts the Document during construction so that it has access to the allowExternalReferences property regardless of style source. |
Brian Sweeney <bsweeney@aaas.org> | no | debian | upstream | 2024-01-31 |
| Fix-CVE-2023-50251.patch | Prevent circular reference in use elements | Brian Sweeney <bsweeney@aaas.org> | no | debian | upstream | 2023-11-20 |