[pkg-php-pear] composer_1.8.4-1+deb10u1_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Thu Apr 29 18:03:25 BST 2021
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 27 Apr 2021 18:47:26 -0400
Source: composer
Architecture: source
Version: 1.8.4-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear at lists.alioth.debian.org>
Changed-By: David Prévot <taffit at debian.org>
Changes:
composer (1.8.4-1+deb10u1) buster-security; urgency=high
.
* Use debian/buster branch
* Security: Fixed command injection vulnerability.
Fix external process calls to avoid user input being able to pass extra
parameters in HgDriver/HgDownloader and hardened other VCS drivers and
downloaders (GHSA-h5h8-pc6h-jvvx) [CVE-2021-29472]
Checksums-Sha1:
9af4139edce953b988c41ccf1b014886b3d481cb 1904 composer_1.8.4-1+deb10u1.dsc
d202319631cd905aa3b701c1e50a5c5254c2c1ca 406561 composer_1.8.4.orig.tar.gz
bba3b811ad4bb5c032583012c9fb894da122730d 10132 composer_1.8.4-1+deb10u1.debian.tar.xz
6f8ec7c5dbd33bc23f83df69bacc43abf27b2c2c 6607 composer_1.8.4-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
929ed9cfff462e73da62a15b61487109b18519acaa169a7f2e5fb0a21c654c8b 1904 composer_1.8.4-1+deb10u1.dsc
288ab33c8f11f0db4b5883d4a115a8ead8ef1a74c924f3accadc61d220ca22de 406561 composer_1.8.4.orig.tar.gz
b1bf0bb2e9b380b571ea0766b8798e79a5ccd6f74e7e45188bc357f552ada79e 10132 composer_1.8.4-1+deb10u1.debian.tar.xz
adfff81649bde008a3cb02eed442d20bfd0b5993424db7510c67289d4ef8a123 6607 composer_1.8.4-1+deb10u1_amd64.buildinfo
Files:
225717c2d0142c5c0d586ef317e03247 1904 php optional composer_1.8.4-1+deb10u1.dsc
0fb0249cc1047048c91fa1c7c6d706a4 406561 php optional composer_1.8.4.orig.tar.gz
6904f36136877b24326af227cf5092b5 10132 php optional composer_1.8.4-1+deb10u1.debian.tar.xz
05b8242600876bb070d0a62eade2f2f7 6607 php optional composer_1.8.4-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmCKj3ESHHRhZmZpdEBk
ZWJpYW4ub3JnAAoJEAWMHPlE9r08+bgIAITuMGfbKA1IVpfJH3m7vydm6mt47ZVM
1k0jv8pQMxjUeHfysfh3TVfAeAe9dKYZt60Yt02djI2HQTQyqo+MaLEHmhQBSvmf
65Y5dYSRWmxMZxHQBQt/xmIh6Sc/HYnw/dyrNOCEGqPZASXXKGJ2OhXMGO+Mi5K0
oyEOpyI/7vR4mAIZZUHnUWuj9I2+e88GxUKZkkQ45UZrflB6e9Ece46Vth7311aH
4nBpq4FDsyWch1ihB1eZWk6Cg1NP1GmK/DJBktM4dCW9VcizfoAZfRDdTUFQ25tv
krINI9orUi3MxL5tXKB6ki/Y2b9o1PEgYjC7gyoVWv7KIiJKDuJ+65U=
=UVy2
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-php-pear
mailing list