[pkg-php-pear] php-pear_1.10.6+submodules+notgz-1.1+deb10u2_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Apr 20 19:46:10 BST 2021
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 17 Apr 2021 14:08:59 +0200
Source: php-pear
Architecture: source
Version: 1:1.10.6+submodules+notgz-1.1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear at lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil at debian.org>
Closes: 980428
Changes:
php-pear (1:1.10.6+submodules+notgz-1.1+deb10u2) buster-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* directory traversal due to inadequate checking of symbolic links
(CVE-2020-36193) (Closes: #980428)
- Disallow symlinks to out-of-path filenames
- Add testcase for relative and in-path symlink
- Fix out-of-path check for virtual relative symlink
- PHP compat fix
Checksums-Sha1:
802f7b83ece0656a194ff71b8142f0de4a6f7dd6 2284 php-pear_1.10.6+submodules+notgz-1.1+deb10u2.dsc
511395dad1e6ce18f5b44b0d78f1ac69ce53bff2 8680 php-pear_1.10.6+submodules+notgz-1.1+deb10u2.debian.tar.xz
ace60a2001a310de987c6d09ba4dfff48638c367 6675 php-pear_1.10.6+submodules+notgz-1.1+deb10u2_source.buildinfo
Checksums-Sha256:
dcc92530a0f52b4df8bbb136bc2e46e560489856fa754a8a765e82ea83d5cf41 2284 php-pear_1.10.6+submodules+notgz-1.1+deb10u2.dsc
ad21a14d6ef907bfd710b9535cfb30a95071b3c4d341bf2dc6f21e20af52212a 8680 php-pear_1.10.6+submodules+notgz-1.1+deb10u2.debian.tar.xz
4736544b8aa6e27b1947a0f1b675a817e1fd68e07ecf4633f2f81ded03da5f9b 6675 php-pear_1.10.6+submodules+notgz-1.1+deb10u2_source.buildinfo
Files:
d019eeebce1af0ced3278452c43c86f0 2284 php optional php-pear_1.10.6+submodules+notgz-1.1+deb10u2.dsc
27d8b2902bd8bdcce0a8235a89e25d1a 8680 php optional php-pear_1.10.6+submodules+notgz-1.1+deb10u2.debian.tar.xz
9fe8fe3f70eed1ee92a359dfe11a1d4f 6675 php optional php-pear_1.10.6+submodules+notgz-1.1+deb10u2_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmB7K+pfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89E7FoP/RsAMjfLiG6c6WfZB/2XKLkCMuV0DQ0Z
ttQIMraWYX8cVGfs+C6eDcqm+LxZj5rdnCQATMMMfZBwLn6XXsA7gOcADGbqkjC1
dYe3iMGGFhTGB9nmGdAxWlaWr5iOGF9ZHf/j5WgYU6nq4yumKD2XSd2AqtlMox0t
oqHcAkw3fP1vikHti81xW6zPiEuSH2Ewei4L69WNqFexB+hlW7ahH+pQGaJTNYPl
7pGMqhBvxm6YsDrLr1/Km9fVIPDeltcg6mXtjlTmekKdqEq3eK+CAQDiSO+CJ24T
MZatlTpzU3mQtOJ0k2uBlSVZ4A8o8P4xLA2G2eN96nBebVBekY3n+X6LEHuxAglK
2RjCafGXPqx0U6j6PSA1oGSgsuaPTBTtbW2clxIgUDQ/ruKrhmNl0u6RBOwlFMGy
LSYX4RNJlJ3FiYNkk+xLD0b1tDHqlgu/3xMKUN1Saz/ZlXKnaHAx1lO5u1kh+h4I
5xgk8u660dp1FS3JbWZyCpHmDA2ZaYrDKmVDc2+lBNVa/kFkWUvV45OoeS38Y65p
i3AdWz1oJ1V1Krswg0qNd/4h+0Lm49kYBxLZj9iVvTMPWuZRrnM8/BwfNzMqYYF8
0dwhYaouOWe/Z2k/PZ+6PHgVvghtlFrhPneTvcByAJGO4+XA7wNBrYMYsibKkzQz
svoF6bPoHYpY
=sgi3
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-php-pear
mailing list