Re: tcpdf {old,}stable security update (was: PHP ReDoS question)

2025-05-26 Thread Santiago Ruano Rincón
Hello William, hello security team, On 16/05/25 at 17:37, Santiago Ruano Rincón wrote: > On 16/05/25 at 21:08, William Desportes wrote: > > Hello, > > > > Thank you for reaching out to me. > > Do you have access to the salsa repository? [...] This is a quick update about fixing th

Re: tcpdf {old,}stable security update (was: PHP ReDoS question)

2025-05-16 Thread Santiago Ruano Rincón
On 16/05/25 at 21:08, William Desportes wrote: > Hello, > > Thank you for reaching out to me. > Do you have access to the salsa repository? Not yet. Could you please give me push access? > I would like to have the collaboration pushed there. That would be ideal, indeed! > Sure it is best

Re: tcpdf {old,}stable security update (was: PHP ReDoS question)

2025-05-16 Thread William Desportes
Hello, Thank you for reaching out to me. Do you have access to the salsa repository? I would like to have the collaboration pushed there. Sure it is best to extract the commit For another CVE maybe the one you are searching for:

tcpdf {old,}stable security update (was: PHP ReDoS question)

2025-05-16 Thread Santiago Ruano Rincón
Hello William, hello all, This is just a quick heads-up about my on-going work to prepare a security update for tcpdf, and to avoid any double-work. Among the currently open CVEs [tcpdf], the most complex backport seems to be CVE-2024-32489, since among the two referenced commits, the only one th

Re: PHP ReDoS question

2024-12-21 Thread Bastien Roucariès
On Friday, 20 December 2024, 08:03:49 UTC Adrian Bunk wrote: > Hi, > > could someone with more knowledge about PHP look at the following: > > https://security-tracker.debian.org/tracker/CVE-2024-22640 > https://github.com/zunak/CVE-2024-22640 > https://security-tracker.debian.org/tracker/CVE-

PHP ReDoS question

2024-12-20 Thread Adrian Bunk
Hi, could someone with more knowledge about PHP look at the following: https://security-tracker.debian.org/tracker/CVE-2024-22640 https://github.com/zunak/CVE-2024-22640 https://security-tracker.debian.org/tracker/CVE-2024-22641 https://github.com/zunak/CVE-2024-22641 Changing the PoCs to requ