Processed: Re: Bug#814030: Security flaw fixed in version 6.2.0

2017-02-19 Thread Debian Bug Tracking System
Processing control commands: > retitle -1 tcpdf: CVE-2017-6100: LFI posting internal files externally > abusing default parameter Bug #814030 {Done: Raphael Hertzog } [php-tcpdf] Security flaw fixed in version 6.2.0 Changed Bug title to 'tcpdf: CVE-2017-6100: LFI posting internal files external

Bug#814030: Security flaw fixed in version 6.2.0

2017-02-19 Thread Salvatore Bonaccorso
Control: retitle -1 tcpdf: CVE-2017-6100: LFI posting internal files externally abusing default parameter Hi, On Mon, Jan 09, 2017 at 09:39:30PM +0100, Raphael Hertzog wrote: > On Thu, 05 Jan 2017, Raphael Hertzog wrote: > > CCing upstream author for confirmation. Nicola we are trying to underst

Bug#814030: Security flaw fixed in version 6.2.0

2017-01-14 Thread Moritz Mühlenhoff
On Mon, Jan 09, 2017 at 09:39:30PM +0100, Raphael Hertzog wrote: > Hi everybody, > > On Thu, 05 Jan 2017, Raphael Hertzog wrote: > > CCing upstream author for confirmation. Nicola we are trying to understand > > what security fix went into tcpdf 6.2.0. The bug is private on > > sourceforge, could

Bug#814030: Security flaw fixed in version 6.2.0

2017-01-09 Thread Raphael Hertzog
Hi everybody, On Thu, 05 Jan 2017, Raphael Hertzog wrote: > CCing upstream author for confirmation. Nicola we are trying to understand > what security fix went into tcpdf 6.2.0. The bug is private on > sourceforge, could you make it public now? The upstream bug is now public: https://sourceforge.

Bug#814030: Security flaw fixed in version 6.2.0

2017-01-05 Thread Raphael Hertzog
Hi, CCing upstream author for confirmation. Nicola we are trying to understand what security fix went into tcpdf 6.2.0. The bug is private on sourceforge, could you make it public now? For more details see: https://bugs.debian.org/814030 On Wed, 04 Jan 2017, David Prévot wrote: > >> Can you cont

Bug#814030: Security flaw fixed in version 6.2.0

2017-01-05 Thread David Prévot
Hi, I just add maintainer and uploader to the loop. Hopefully, they should know something about the package/code/issue. On 04/01/2017 at 21:42, Salvatore Bonaccorso wrote: > On Sun, Mar 27, 2016 at 01:33:01PM +0200, Moritz Mühlenhoff wrote: >> On Sun, Feb 07, 2016 at 02:28:04PM -0400, David Pr

Bug#814030: Security flaw fixed in version 6.2.0

2017-01-04 Thread Salvatore Bonaccorso
Hi David, On Sun, Mar 27, 2016 at 01:33:01PM +0200, Moritz Mühlenhoff wrote: > On Sun, Feb 07, 2016 at 02:28:04PM -0400, David Prévot wrote: > > Package: php-tcpdf > > Version: 6.0.093+dfsg-1 > > Severity: serious > > Tags: security upstream > > > > According to their changelog [1], upstream fixe

Bug#814030: Security flaw fixed in version 6.2.0

2016-03-27 Thread Moritz Mühlenhoff
On Sun, Feb 07, 2016 at 02:28:04PM -0400, David Prévot wrote: > Package: php-tcpdf > Version: 6.0.093+dfsg-1 > Severity: serious > Tags: security upstream > > According to their changelog [1], upstream fixed a security issue over a > year ago: > > 6.2.0 (2014-12-10) > - Bug #1005 "Security

Bug#814030: Intent to bring php-tcpdf in the Debian PHP PEAR (and Composer) Maintainers team (Was: Bug#814030: Security flaw fixed in version 6.2.0)

2016-02-23 Thread Laurent Destailleur (aka Eldy)
Hi David. I have sent to my mentor (Raphael Hertzog), a commit with the new upstream 6.2.12 updated, of TCPDF. If you plan/want to move package maintenance into Debian PHP PEAR umbrella, why not. What will be the benefit and impact? 2016-02-23 4:33 GMT+01:00 David Prévot : > Hi, > > On Sun, Fe

Bug#814030: Intent to bring php-tcpdf in the Debian PHP PEAR (and Composer) Maintainers team (Was: Bug#814030: Security flaw fixed in version 6.2.0)

2016-02-22 Thread David Prévot
Hi, On Sun, Feb 07, 2016 at 02:28:04PM -0400, David Prévot wrote: > Package: php-tcpdf > Version: 6.0.093+dfsg-1 > Severity: serious > Tags: security upstream > > According to their changelog [1], upstream fixed a security issue over a > year ago: […] In order to bring php-tcpdf back in line wit

Bug#814030: Security flaw fixed in version 6.2.0

2016-02-07 Thread David Prévot
Package: php-tcpdf Version: 6.0.093+dfsg-1 Severity: serious Tags: security upstream According to their changelog [1], upstream fixed a security issue over a year ago: 6.2.0 (2014-12-10) - Bug #1005 "Security Report, LFI posting internal files externally abusing default parameter" was fi