-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 29 May 2025 13:17:39 -0300
Source: tcpdf
Binary: php-tcpdf
Architecture: all
Version: 6.6.2+dfsg1-1+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Santiago Ruano Rincón <santiagorr@riseup.net>
Description:
 php-tcpdf  - PHP class for generating PDF files on-the-fly
Changes:
 tcpdf (6.6.2+dfsg1-1+deb12u1) bookworm-security; urgency=medium
 .
   * Exclude quilt managed directory .pc/ from phpab in debian/rules
   * Explicitly specify RELEASE: bookworm in d/gitlab-ci.yml
   * Fix CVE-2024-22640: ReDoS (Regular Expression Denial of Service) if
     parsing an untrusted HTML page with a crafted color
   * Fix CVE-2024-22641: ReDoS (Regular Expression Denial of Service) if
     parsing an untrusted SVG file
   * Fix CVE-2024-32489: tcpdf mishandles calls that use HTML syntax
   * Fix CVE-2024-51058: Local File Inclusion (LFI) vulnerability through <img>
     src tag
   * Fix CVE-2024-56519: setSVGStyles does not sanitize the SVG font-family
     attribute
   * Fix CVE-2024-56520: tcpdf, through its use of tc-lib-pdf-font, mishandles
     fonts like FontBBox for Type 1 and incorrectly parses TrueType fonts
   * Fix CVE-2024-56522: unserializeTCPDFtag doesn't make use of constant-time
     function to compare TCPDF tag hashes
   * Fix CVE-2024-56527: the Error function lacks an htmlspecialchars call for
     the error message
   * Update git branch in the VCS-Git d/control field
Checksums-Sha1:
 6a59619483773d1c0682c657c3788be4e7c79b76 7831064 php-tcpdf_6.6.2+dfsg1-1+deb12u1_all.deb
 c829bbed906462b2fc7952ac12c20b17d6f6e56f 6719 tcpdf_6.6.2+dfsg1-1+deb12u1_all-buildd.buildinfo
Checksums-Sha256:
 815072fb33d36f5ee539ac7ce91d3878a83dbfb99b1e235045d1dbd59a55453e 7831064 php-tcpdf_6.6.2+dfsg1-1+deb12u1_all.deb
 32344bfbc977f3148de18ea0e02c70da1c1cc4d28b2bcef8c904dc33312de62b 6719 tcpdf_6.6.2+dfsg1-1+deb12u1_all-buildd.buildinfo
Files:
 14f9004bdd52f8ff3660b5f86fec7b6c 7831064 php optional php-tcpdf_6.6.2+dfsg1-1+deb12u1_all.deb
 953e755cb5a3b8f556e31584e9b7293e 6719 php optional tcpdf_6.6.2+dfsg1-1+deb12u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----