Merge pull request #14038 from ubc-cpsc/bugfix/CVE-2023-50251

Fixes CVE-2023-50251 and CVE-2023-50262 DoS on parsing SVG
This commit is contained in:
snipe 2023-12-19 14:00:13 +00:00 committed by GitHub
commit aca51d992b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

40
composer.lock generated
View file

@ -1810,16 +1810,16 @@
},
{
"name": "dompdf/dompdf",
"version": "v2.0.3",
"version": "v2.0.4",
"source": {
"type": "git",
"url": "https://github.com/dompdf/dompdf.git",
"reference": "e8d2d5e37e8b0b30f0732a011295ab80680d7e85"
"reference": "093f2d9739cec57428e39ddadedfd4f3ae862c0f"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/dompdf/dompdf/zipball/e8d2d5e37e8b0b30f0732a011295ab80680d7e85",
"reference": "e8d2d5e37e8b0b30f0732a011295ab80680d7e85",
"url": "https://api.github.com/repos/dompdf/dompdf/zipball/093f2d9739cec57428e39ddadedfd4f3ae862c0f",
"reference": "093f2d9739cec57428e39ddadedfd4f3ae862c0f",
"shasum": ""
},
"require": {
@ -1866,9 +1866,9 @@
"homepage": "https://github.com/dompdf/dompdf",
"support": {
"issues": "https://github.com/dompdf/dompdf/issues",
"source": "https://github.com/dompdf/dompdf/tree/v2.0.3"
"source": "https://github.com/dompdf/dompdf/tree/v2.0.4"
},
"time": "2023-02-07T12:51:48+00:00"
"time": "2023-12-12T20:19:39+00:00"
},
{
"name": "dragonmantank/cron-expression",
@ -5275,26 +5275,24 @@
},
{
"name": "masterminds/html5",
"version": "2.7.6",
"version": "2.8.1",
"source": {
"type": "git",
"url": "https://github.com/Masterminds/html5-php.git",
"reference": "897eb517a343a2281f11bc5556d6548db7d93947"
"reference": "f47dcf3c70c584de14f21143c55d9939631bc6cf"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/Masterminds/html5-php/zipball/897eb517a343a2281f11bc5556d6548db7d93947",
"reference": "897eb517a343a2281f11bc5556d6548db7d93947",
"url": "https://api.github.com/repos/Masterminds/html5-php/zipball/f47dcf3c70c584de14f21143c55d9939631bc6cf",
"reference": "f47dcf3c70c584de14f21143c55d9939631bc6cf",
"shasum": ""
},
"require": {
"ext-ctype": "*",
"ext-dom": "*",
"ext-libxml": "*",
"php": ">=5.3.0"
},
"require-dev": {
"phpunit/phpunit": "^4.8.35 || ^5.7.21 || ^6 || ^7"
"phpunit/phpunit": "^4.8.35 || ^5.7.21 || ^6 || ^7 || ^8"
},
"type": "library",
"extra": {
@ -5338,9 +5336,9 @@
],
"support": {
"issues": "https://github.com/Masterminds/html5-php/issues",
"source": "https://github.com/Masterminds/html5-php/tree/2.7.6"
"source": "https://github.com/Masterminds/html5-php/tree/2.8.1"
},
"time": "2022-08-18T16:18:26+00:00"
"time": "2023-05-10T11:58:31+00:00"
},
{
"name": "maximebf/debugbar",
@ -6576,16 +6574,16 @@
},
{
"name": "phenx/php-svg-lib",
"version": "0.5.0",
"version": "0.5.1",
"source": {
"type": "git",
"url": "https://github.com/dompdf/php-svg-lib.git",
"reference": "76876c6cf3080bcb6f249d7d59705108166a6685"
"reference": "8a8a1ebcf6aea861ef30197999f096f7bd4b4456"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/dompdf/php-svg-lib/zipball/76876c6cf3080bcb6f249d7d59705108166a6685",
"reference": "76876c6cf3080bcb6f249d7d59705108166a6685",
"url": "https://api.github.com/repos/dompdf/php-svg-lib/zipball/8a8a1ebcf6aea861ef30197999f096f7bd4b4456",
"reference": "8a8a1ebcf6aea861ef30197999f096f7bd4b4456",
"shasum": ""
},
"require": {
@ -6616,9 +6614,9 @@
"homepage": "https://github.com/PhenX/php-svg-lib",
"support": {
"issues": "https://github.com/dompdf/php-svg-lib/issues",
"source": "https://github.com/dompdf/php-svg-lib/tree/0.5.0"
"source": "https://github.com/dompdf/php-svg-lib/tree/0.5.1"
},
"time": "2022-09-06T12:16:56+00:00"
"time": "2023-12-11T20:56:08+00:00"
},
{
"name": "php-http/message-factory",