Merge pull request #14323 from ubc-cpsc/bugfix/CVE-2024-25117

Fixes CVE-2024-25117 php-svg-lib lacks path validation on font through SVG inline styles
2024-02-23 08:05:03 +00:00 · 2024-02-23 08:05:03 +00:00 · d3a0a337b9
commit d3a0a337b9
parent e12d2b2a42 3951ee746d
1 changed files with 6 additions and 6 deletions
--- a/composer.lock
+++ b/composer.lock
@ -6701,16 +6701,16 @@
        },
        {
            "name": "phenx/php-svg-lib",
-            "version": "0.5.1",
+            "version": "0.5.2",
            "source": {
                "type": "git",
                "url": "https://github.com/dompdf/php-svg-lib.git",
-                "reference": "8a8a1ebcf6aea861ef30197999f096f7bd4b4456"
+                "reference": "732faa9fb4309221e2bd9b2fda5de44f947133aa"
            },
            "dist": {
                "type": "zip",
-                "url": "https://api.github.com/repos/dompdf/php-svg-lib/zipball/8a8a1ebcf6aea861ef30197999f096f7bd4b4456",
-                "reference": "8a8a1ebcf6aea861ef30197999f096f7bd4b4456",
+                "url": "https://api.github.com/repos/dompdf/php-svg-lib/zipball/732faa9fb4309221e2bd9b2fda5de44f947133aa",
+                "reference": "732faa9fb4309221e2bd9b2fda5de44f947133aa",
                "shasum": ""
            },
            "require": {
@ -6741,9 +6741,9 @@
            "homepage": "https://github.com/PhenX/php-svg-lib",
            "support": {
                "issues": "https://github.com/dompdf/php-svg-lib/issues",
-                "source": "https://github.com/dompdf/php-svg-lib/tree/0.5.1"
+                "source": "https://github.com/dompdf/php-svg-lib/tree/0.5.2"
            },
-            "time": "2023-12-11T20:56:08+00:00"
+            "time": "2024-02-07T12:49:40+00:00"
        },
        {
            "name": "php-http/message-factory",