[Secure-testing-team] Bug#814030: Security flaw fixed in version 6.2.0

David Prévot taffit at debian.org
Sun Feb 7 18:28:04 UTC 2016


Package: php-tcpdf
Version: 6.0.093+dfsg-1
Severity: serious
Tags: security upstream

According to their changelog [1], upstream fixed a security issue over a
year ago:

6.2.0 (2014-12-10)
	- Bug #1005 "Security Report, LFI posting internal files externally abusing default parameter" was fixed.

	1: https://sourceforge.net/p/tcpdf/code/ci/master/tree/CHANGELOG.TXT

The upstream bug report [2] is not public, so I don’t have much
information about the issue, the fix, nor its actual severity.

	2: https://sourceforge.net/p/tcpdf/bugs/1005/

Regards

David