Fedora 40 Update: php-tcpdf-6.8.0-1.fc40
Fedora 41 Update: firefox-134.0-1.fc41
Fedora 41 Update: mupdf-1.24.6-4.fc41
Fedora 41 Update: php-tcpdf-6.8.0-1.fc41
[SECURITY] Fedora 40 Update: php-tcpdf-6.8.0-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-d6b0e72e3d
2025-01-08 03:05:51.306082+00:00
--------------------------------------------------------------------------------
Name : php-tcpdf
Product : Fedora 40
Version : 6.8.0
Release : 1.fc40
URL : http://www.tcpdf.org
Summary : PHP class for generating PDF documents and barcodes
Description :
PHP class for generating PDF documents.
* no external libraries are required for the basic functions;
* all standard page formats, custom page formats, custom margins and units
of measure;
* UTF-8 Unicode and Right-To-Left languages;
* TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0 fonts;
* font subsetting;
* methods to publish some XHTML + CSS code, Javascript and Forms;
* images, graphic (geometric figures) and transformation methods;
* supports JPEG, PNG and SVG images natively, all images supported by GD
(GD, GD2, GD2PART, GIF, JPEG, PNG, BMP, XBM, XPM) and all images supported
via ImagMagick (http: www.imagemagick.org/www/formats.html)
* 1D and 2D barcodes: CODE 39, ANSI MH10.8M-1983, USD-3, 3 of 9, CODE 93,
USS-93, Standard 2 of 5, Interleaved 2 of 5, CODE 128 A/B/C, 2 and 5 Digits
UPC-Based Extention, EAN 8, EAN 13, UPC-A, UPC-E, MSI, POSTNET, PLANET,
RMS4CC (Royal Mail 4-state Customer Code), CBC (Customer Bar Code),
KIX (Klant index - Customer index), Intelligent Mail Barcode, Onecode,
USPS-B-3200, CODABAR, CODE 11, PHARMACODE, PHARMACODE TWO-TRACKS,
Datamatrix ECC200, QR-Code, PDF417;
* ICC Color Profiles, Grayscale, RGB, CMYK, Spot Colors and Transparencies;
* automatic page header and footer management;
* document encryption up to 256 bit and digital signature certifications;
* transactions to UNDO commands;
* PDF annotations, including links, text and file attachments;
* text rendering modes (fill, stroke and clipping);
* multiple columns mode;
* no-write page regions;
* bookmarks and table of content;
* text hyphenation;
* text stretching and spacing (tracking/kerning);
* automatic page break, line break and text alignments including justification;
* automatic page numbering and page groups;
* move and delete pages;
* page compression (requires php-zlib extension);
* XOBject templates;
* PDF/A-1b (ISO 19005-1:2005) support.
By default, TCPDF uses the GD library which is know as slower than ImageMagick
solution. You can optionally install php-pecl-imagick; TCPDF will use it.
--------------------------------------------------------------------------------
Update Information:
Version 6.8.0 (2024-12-23)
Requires PHP 7.1+ and curl extension.
Escape error message.
Use strict time-constant function to compare TCPDF-tag hashes.
Add K_CURLOPTS config array to set custom cURL options (NOTE: some defaults have
changed).
Add some addTTFfont fixes from tc-lib-pdf-font.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 23 2024 Remi Collet [remi@remirepo.net] - 6.8.0-1
- update to 6.8.0
- raise dependency on PHP 7.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2334288 - CVE-2024-56522 php-tcpdf: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2334288
[ 2 ] Bug #2334292 - CVE-2024-56519 php-tcpdf: setSVGStyles does not sanitize the SVG font-family attribute [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2334292
[ 3 ] Bug #2334297 - CVE-2024-56521 php-tcpdf: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2334297
[ 4 ] Bug #2334342 - CVE-2024-56527 php-tcpdf: Error function lacks an htmlspecialchars call for the error message. [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2334342
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-d6b0e72e3d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: firefox-134.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-6fcde64d77
2025-01-08 02:05:34.785750+00:00
--------------------------------------------------------------------------------
Name : firefox
Product : Fedora 41
Version : 134.0
Release : 1.fc41
URL : https://www.mozilla.org/firefox/
Summary : Mozilla Firefox Web browser
Description :
Mozilla Firefox is an open-source web browser, designed for standards
compliance, performance and portability.
--------------------------------------------------------------------------------
Update Information:
Updated to latest upstream (134.0)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 2 2025 Martin Stransky [stransky@redhat.com] - 134.0-1
- Updated to 134.0
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-6fcde64d77' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: mupdf-1.24.6-4.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-7d002ee0e7
2025-01-08 02:05:34.785701+00:00
--------------------------------------------------------------------------------
Name : mupdf
Product : Fedora 41
Version : 1.24.6
Release : 4.fc41
URL : http://mupdf.com/
Summary : A lightweight PDF viewer and toolkit
Description :
MuPDF is a lightweight PDF viewer and toolkit written in portable C.
The renderer in MuPDF is tailored for high quality anti-aliased
graphics. MuPDF renders text with metrics and spacing accurate to
within fractions of a pixel for the highest fidelity in reproducing
the look of a printed page on screen.
MuPDF has a small footprint. A binary that includes the standard
Roman fonts is only one megabyte. A build with full CJK support
(including an Asian font) is approximately seven megabytes.
MuPDF has support for all non-interactive PDF 1.7 features, and the
toolkit provides a simple API for accessing the internal structures of
the PDF document. Example code for navigating interactive links and
bookmarks, encrypting PDF files, extracting fonts, images, and
searchable text, and rendering pages to image files is provided.
--------------------------------------------------------------------------------
Update Information:
fix CVE-2024-46657 (rhbz#2331627)
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jan 5 2025 Michael J Gruber [mjg@fedoraproject.org] - 1.24.6-4
- fix CVE-2024-46657 (rhbz#2331627)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2331627 - CVE-2024-46657 mupdf: segmentation fault via tools/pdfextract.c [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2331627
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-7d002ee0e7' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
[SECURITY] Fedora 41 Update: php-tcpdf-6.8.0-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-7d6412477b
2025-01-08 02:05:34.785563+00:00
--------------------------------------------------------------------------------
Name : php-tcpdf
Product : Fedora 41
Version : 6.8.0
Release : 1.fc41
URL : http://www.tcpdf.org
Summary : PHP class for generating PDF documents and barcodes
Description :
PHP class for generating PDF documents.
* no external libraries are required for the basic functions;
* all standard page formats, custom page formats, custom margins and units
of measure;
* UTF-8 Unicode and Right-To-Left languages;
* TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0 fonts;
* font subsetting;
* methods to publish some XHTML + CSS code, Javascript and Forms;
* images, graphic (geometric figures) and transformation methods;
* supports JPEG, PNG and SVG images natively, all images supported by GD
(GD, GD2, GD2PART, GIF, JPEG, PNG, BMP, XBM, XPM) and all images supported
via ImagMagick (http: www.imagemagick.org/www/formats.html)
* 1D and 2D barcodes: CODE 39, ANSI MH10.8M-1983, USD-3, 3 of 9, CODE 93,
USS-93, Standard 2 of 5, Interleaved 2 of 5, CODE 128 A/B/C, 2 and 5 Digits
UPC-Based Extention, EAN 8, EAN 13, UPC-A, UPC-E, MSI, POSTNET, PLANET,
RMS4CC (Royal Mail 4-state Customer Code), CBC (Customer Bar Code),
KIX (Klant index - Customer index), Intelligent Mail Barcode, Onecode,
USPS-B-3200, CODABAR, CODE 11, PHARMACODE, PHARMACODE TWO-TRACKS,
Datamatrix ECC200, QR-Code, PDF417;
* ICC Color Profiles, Grayscale, RGB, CMYK, Spot Colors and Transparencies;
* automatic page header and footer management;
* document encryption up to 256 bit and digital signature certifications;
* transactions to UNDO commands;
* PDF annotations, including links, text and file attachments;
* text rendering modes (fill, stroke and clipping);
* multiple columns mode;
* no-write page regions;
* bookmarks and table of content;
* text hyphenation;
* text stretching and spacing (tracking/kerning);
* automatic page break, line break and text alignments including justification;
* automatic page numbering and page groups;
* move and delete pages;
* page compression (requires php-zlib extension);
* XOBject templates;
* PDF/A-1b (ISO 19005-1:2005) support.
By default, TCPDF uses the GD library which is know as slower than ImageMagick
solution. You can optionally install php-pecl-imagick; TCPDF will use it.
--------------------------------------------------------------------------------
Update Information:
Version 6.8.0 (2024-12-23)
Requires PHP 7.1+ and curl extension.
Escape error message.
Use strict time-constant function to compare TCPDF-tag hashes.
Add K_CURLOPTS config array to set custom cURL options (NOTE: some defaults have
changed).
Add some addTTFfont fixes from tc-lib-pdf-font.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 23 2024 Remi Collet [remi@remirepo.net] - 6.8.0-1
- update to 6.8.0
- raise dependency on PHP 7.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2334296 - CVE-2024-56522 php-tcpdf: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2334296
[ 2 ] Bug #2334301 - CVE-2024-56519 php-tcpdf: setSVGStyles does not sanitize the SVG font-family attribute [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2334301
[ 3 ] Bug #2334304 - CVE-2024-56521 php-tcpdf: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2334304
[ 4 ] Bug #2334345 - CVE-2024-56527 php-tcpdf: Error function lacks an htmlspecialchars call for the error message. [fedora-41]
https://bugzilla.redhat.com/show_bug.cgi?id=2334345
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-7d6412477b' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--