[pkg-php-pear] Bug#980899: Bug#980899: php-illuminate-database: CVE-2021-21263 Query Binding Exploitation

David Prévot taffit at debian.org
Sun Feb 14 20:16:35 GMT 2021


Control: reassign -1 src:php-illuminate-database

I filed the bug against the binary package, which has been superseded by
src:php-laravel-framework, and thus missed the expected audience, sorry
about that.

On Tue, Feb 02, 2021 at 11:20:06AM -0400, David Prévot wrote:
> On 23/01/2021 at 18:49, David Prévot wrote:
> > Package: php-illuminate-database
> > Version: 5.7.27-1
> […]
> > A quick look at the php-illuminate-database code, as shipped in stable,
> > makes me think that it is probably vulnerable to CVE-2021-21263 as fixed
> > in 6.20.11
> 
> Also, since the CVE-2021-21263 fix was incomplete, upstream released another
> security update as 6.20.14.
> 
> https://github.com/laravel/framework/security/advisories/GHSA-x7p5-p2c9-phvg
> 
> Regards
> 
> David