[pkg-php-pear] Bug#1002728: php-illuminate-validation: Failure to block the upload of executable PHP content

Robin Gustafsson robin at rgson.se
Tue Dec 28 12:14:34 GMT 2021

Package: php-illuminate-validation
Version: 6.20.14+dfsg-2
Severity: important
Tags: upstream security
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>

A security issue (CVE-2021-43617) has been published regarding the
failure to block uploads containing exectuable PHP content in the form
of .phar files.

The issue has been fixed upstream in versions 6.20.41 and 8.73.0.

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43617
[2] https://security-tracker.debian.org/tracker/CVE-2021-43617

More information about the pkg-php-pear mailing list