[pkg-php-pear] Bug#1002728: php-illuminate-validation: Failure to block the upload of executable PHP content
Robin Gustafsson
robin at rgson.se
Tue Dec 28 12:14:34 GMT 2021
Package: php-illuminate-validation
Version: 6.20.14+dfsg-2
Severity: important
Tags: upstream security
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
A security issue (CVE-2021-43617) has been published regarding the
failure to block uploads containing exectuable PHP content in the form
of .phar files.
The issue has been fixed upstream in versions 6.20.41 and 8.73.0.
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43617
[2] https://security-tracker.debian.org/tracker/CVE-2021-43617
More information about the pkg-php-pear
mailing list