[pkg-php-pear] Bug#1065067: bookworm-pu: package php-doctrine-lexer/2.1.0-2+deb12u1
David Prévot
taffit at debian.org
Thu Feb 29 11:08:53 GMT 2024
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: php-doctrine-lexer at packages.debian.org, team at security.debian.org
Control: affects -1 + src:php-doctrine-lexer
User: release.debian.org at packages.debian.org
Usertags: pu
[8/9 for bookworm]
This is a follow up from composer/DSA-5632-1.
In order to fix a Debian-specific issue related to CVE-2024-24821, we
agreed with the security team to push related dependencies via the next
point release.
The only change (besides changelog entry) in the binary package is the
following (thanks to diffoscope).
│ │ ├── ./usr/share/php/Doctrine/Common/Lexer/autoload.php
│ │ │ @@ -1,11 +1,11 @@
│ │ │ <?php
│ │ │
│ │ │ // Require
│ │ │ -require_once 'Doctrine/Deprecations/autoload.php';
│ │ │ +require_once __DIR__ . '/../../Deprecations/autoload.php';
│ │ │
│ │ │ // Suggest
The goal is to ensure related dependencies are loaded from the system
path.
The attached debdiff is a bit bigger, since it aims at keeping the
testsuite at buildtime effective.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
TIA for considering.
Cheers,
taffit
-------------- next part --------------
A non-text attachment was scrubbed...
Name: php-doctrine-lexer_2.1.0-2+deb12u1.patch
Type: text/x-diff
Size: 3687 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20240229/313ceeae/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20240229/313ceeae/attachment-0001.sig>
More information about the pkg-php-pear
mailing list