Hi,

could someone with more knowledge about PHP look at the following:

https://security-tracker.debian.org/tracker/CVE-2024-22640
https://github.com/zunak/CVE-2024-22640
https://security-tracker.debian.org/tracker/CVE-2024-22641
https://github.com/zunak/CVE-2024-22641

Changing the PoCs to
  require_once('/usr/share/php/tcpdf/tcpdf.php');
I cannot reproduce the issue in bookworm or jessie,
it just seems to work fine already without the fix.

Am I doing something stupid here, or is there some reason why we might 
not be affected by these CVEs?

Thanks
Adrian
