[SECURITY] [DLA 3158-1] wkhtmltopdf security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3158-1] wkhtmltopdf security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Mon, 24 Oct 2022 18:29:14 +0200 (CEST)
Message-id: <[🔎] 20221024162914.CB2932A2E72@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3158-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
October 24, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : wkhtmltopdf
Version        : 0.12.5-1+deb10u1
CVE ID         : CVE-2020-21365

It was found that wkhtmltopdf, a command line utility to render HTML
files into PDF, allowed local filesystem access by default. This update
disables local filesystem access, but it can be enabled if necessary
with the --enable-local-file-access or the --allow <path> options.

For Debian 10 buster, this problem has been fixed in version
0.12.5-1+deb10u1.

We recommend that you upgrade your wkhtmltopdf packages.

For the detailed security status of wkhtmltopdf please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wkhtmltopdf

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmNWvVUACgkQnUbEiOQ2
gwK0zBAAo3AOnIL8OuyZaMjFC89GzxxYC8pYLgg6y3rMW/uZxJO4Yhz96odofxJm
v+GKCuPw5ND1rEgTQ1YKQJWE9FG2FHqFRJEA3sGodhqcJ+9DyMAukLg3igaFr24x
numeDuUPDhDesyQoZspeqSOCLzKWEN1mCFJYUkVJdz1txlNqRLmTcWT5DxYMbnEq
45AkkYEqy4Asy+dTdhzAfXlSlpUY2tOvbMGe7mbPKdEuYKpMwcIODOLpzSfpbWbE
gNnBAgeBdwwXXVC5voOyXtLuJb1wF7j8Kd8YBH35qDdK58UuWV7JhrOQt8ckFCHf
ReZY28cKl+sg4LO/heXPDKj8Le9AhLgF65/el1dMD+gZtUKg6gWIZCj6eIwTuN6t
xcfu91nTcDiTgpiND5scn6MrWzYYeT+Cu3O2FidNpYflqsBMfcb7LwTq/PCUzjyS
UCmJ7KWYbYp+pESdZAPvZ/zbNlQMN3aliihLED57YagJIDOt3ghVSlhykyTVfRR/
5CUOPnxtbvgZd8h/Z6v0WOmzthtvv45J8tsnG1ZN9ShT1Ed38WjTketwKosPKHs3
Tq4vwzdTv05xmzwwtNnDvQhgbVKBOVxDx13o1QvsnHynqk/+HO1s2wSa0zkwEkDq
uB07wBv4bEzXuvm8xxOfykHrP9GVEtbjlBt5Jm7WiZdq/p8vsrE=
=vMvQ
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3157-1] bluez security update
Next by Date: [SECURITY] [DLA 3159-1] libbluray bugfix update
Previous by thread: [SECURITY] [DLA 3157-1] bluez security update
Next by thread: [SECURITY] [DLA 3159-1] libbluray bugfix update
Index(es):
- Date
- Thread