[pkg-php-pear] Bug#990288: php-league-flysystem: Security issue in versions <1.1.4

Robin Gustafsson robin at rgson.se
Thu Jun 24 17:31:40 BST 2021

Package: php-league-flysystem
Version: 1.1.3-3
Severity: important
Tags: upstream security

Upstream recently published a security advisory regarding a vulnerability
in Flysystem <1.1.4. [1]

> The whitespace normalisation using in 1.x and 2.x removes any unicode
> whitespace. Under certain specific conditions this could potentially
> allow a malicious user to execute code remotely.

[1]: https://github.com/thephpleague/flysystem/security/advisories/GHSA-9f46-5r25-5wfm

More information about the pkg-php-pear mailing list