Debian Patches
Status for tcpdf/6.6.2+dfsg1-1+deb12u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-Update-the-composer-example-to-use-the-Debian-includ.patch | Update the composer example to use the Debian include_path way | William Desportes <williamdes@wdes.fr> | not-needed | vendor | 2021-08-19 | |
| 0001-fix-CSV-2024-22640-712.patch | [PATCH] fix: CSV-2024-22640 (#712) Add possessive quantifiers to the regex to prevent catastrophic backtracking. |
Josh <josh.gaby@gmail.com> | yes | upstream | upstream, https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679 | 2024-04-21 |
| 0001-Update-regexp-to-fix-CVE-2024-22641.patch | [PATCH] Update regexp to fix CVE-2024-22641 | nicolaasuni <info@tecnick.com> | no | debian | backport, https://github.com/tecnickcom/TCPDF/commit/17fe9597fb31d3d08c0f02a03338928ab8bcf0b5 | 2024-10-26 |
| CVE-2024-32489.patch | Fix for CVE-2024-32489: mishandled calls that use HTML This patch is extracted from upstream commit 82fc97b "Squash multiple fixes", by nicolaasuni <info@tecnick.com>, taking only changes relevant to CVE-2024-32489. =================================================================== |
Santiago Ruano Rincón <santiagorr@riseup.net> | no | backport, https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262 | ||
| CVE-2024-51058.patch | [PATCH] Forbid access to parent folder in HTML images | nicolaasuni <info@tecnick.com> | no | debian | backport, https://github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b | 2024-10-06 |
| CVE-2024-56519.patch | [PATCH] Sanitize font-family attribute. | nicolaasuni <info@tecnick.com> | no | debian | 2024-12-23 | |
| CVE-2024-56520.patch | [PATCH] Add some addTTFfont fixes from tc-lib-pdf-font | nicolaasuni <info@tecnick.com> | no | debian | backport, https://github.com/tecnickcom/TCPDF/commit/a0a02efe487cc39bd5223359e916dbeafb5cd6fe | 2024-12-23 |
| CVE-2024-56522.patch | [PATCH] Use strict time-constant function to compare TCPDF-tag hashes. | nicolaasuni <info@tecnick.com> | no | debian | backport, https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89 | 2024-12-23 |
| CVE-2024-56527.patch | [PATCH] Escape error message | nicolaasuni <info@tecnick.com> | no | debian | backport, https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1 | 2024-12-23 |
All known versions for source package 'tcpdf'
- 6.9.1+dfsg-1 (sid, trixie, forky)
- 6.9.1+dfsg-1~bpo12+1 (bookworm-backports)
- 6.6.2+dfsg1-1+deb12u1 (bookworm, bookworm-security)