Package: php-dompdf-svg-lib / 0.5.0-3+deb12u1

Metadata

Package: php-dompdf-svg-lib
Version: 0.5.0-3+deb12u1
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
Replace sabberworm php css parser by php horde css parser.patch

composer.json | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 replace sabberworm/php-css-parser by php-horde-css-parser

Because they embed the sources for sabberworm/php-css-parser into php-horde-css-parser

Fix CVE 2023 50251 CVE 2023 50252.patch

src/Svg/Document.php | 2 2 + 0 - 0 !
src/Svg/Style.php | 10 10 + 0 - 0 !
src/Svg/Tag/Image.php | 4 4 + 0 - 0 !
3 files changed, 16 insertions(+)

 add basic protection against phar deserialization

This also includes an option to disable external file references. This applies to images and fonts. External file references are allowed by default, but a future version will disallow them by default.

Fix CVE 2024 25117.patch

src/Svg/Document.php | 2 1 + 1 - 0 !
src/Svg/Style.php | 27 17 + 10 - 0 !
src/Svg/Tag/AbstractTag.php | 2 1 + 1 - 0 !
src/Svg/Tag/Image.php | 6 5 + 1 - 0 !
4 files changed, 24 insertions(+), 13 deletions(-)

 update resource validation logic

The previous logic did not validate the font-family when set by attribute. To accommodate style validation across all sources, the Style class now accepts the Document during construction so that it has access to the allowExternalReferences property regardless of style source.

Fix CVE 2023 50251.patch

src/Svg/Tag/UseTag.php | 20 20 + 0 - 0 !
1 file changed, 20 insertions(+)

 prevent circular reference in use elements