Your message dated Sun, 28 Feb 2016 20:41:49 +0100
with message-id <20160228194149.ga1...@home.ouaza.com>
and subject line Closing bugs fixed in php-tcpdf
has caused the Debian Bug report #814030,
regarding Security flaw fixed in version 6.2.0
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
814030: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=814030
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: php-tcpdf
Version: 6.0.093+dfsg-1
Severity: serious
Tags: security upstream

According to their changelog [1], upstream fixed a security issue over a
year ago:

6.2.0 (2014-12-10)
        - Bug #1005 "Security Report, LFI posting internal files externally abusing default parameter" was fixed.

        1: https://sourceforge.net/p/tcpdf/code/ci/master/tree/CHANGELOG.TXT

The upstream bug report [2] is not public, so I don’t have much
information about the issue, the fix, nor its actual severity.

        2: https://sourceforge.net/p/tcpdf/bugs/1005/

Regards

David



--- End Message ---
--- Begin Message ---
Version: 6.2.12+dfsg-1

I just uploaded a new upstream version that should have closed those bugs but
did not close them because we had to repack (and I forgot to pass the
-v6.0.093+dfsg-1 flag when building):


tcpdf (6.2.12+dfsg2-1) unstable; urgency=medium

  * New upstream version 6.2.12 modified with free version of sRGB.icc. 
    This solve lintian error.

 -- Laurent Destailleur (eldy) <e...@users.sourceforge.net>  Sat, 27 Feb 2016 19:35:45 +0100

tcpdf (6.2.12+dfsg-1) unstable; urgency=medium

  * New upstream version 6.2.12 (Closes: #814030, #785212)
  * Update license files for qrcodes.php file (Closes: #780051)

 -- Laurent Destailleur (eldy) <e...@users.sourceforge.net>  Tue, 23 Feb 2016 10:35:45 +0100


-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

--- End Message ---
