[pkg-php-pear] Bug#1057036: Lots of embedded copies, including many that are already packaged in Debian

David Prévot taffit at debian.org
Tue Nov 28 12:52:57 GMT 2023


Source: ldap-account-manager
Version: 8.5-1
Severity: important
Tags: security
X-Debbugs-Cc: Debian PHP PEAR Maintainers <pkg-php-pear at lists.alioth.debian.org>, Debian Security Team <team at security.debian.org>

Hi,

Just noticed via #1057008 and especially [CVE-2023-49316] notes, that
ldap-account-manager includes an insane amount of third-party packages in
(but not only) lib/3rdParty/composer. Many of those are already packaged
and maintained in Debian.

Please consider using (and, if needed, introducing) the proper
dependencies.

CVE-2023-49316: https://security-tracker.debian.org/tracker/CVE-2023-49316

Regards,

taffit