[pkg-php-pear] composer_2.0.9-2+deb11u3_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Tue Jun 18 23:04:08 BST 2024


Thank you for your contribution to Debian.

Mapping oldstable-security to oldstable-proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 14 Jun 2024 13:46:22 +0200
Source: composer
Architecture: source
Version: 2.0.9-2+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear at lists.alioth.debian.org>
Changed-By: David Prévot <taffit at debian.org>
Closes: 1073125 1073126
Changes:
 composer (2.0.9-2+deb11u3) bullseye-security; urgency=medium
 .
   * Include security fixes from 2.7.7
     - Multiple command injections via malicious git/hg branch names
       (GHSA-v9qv-c7wm-wgmf) [CVE-2024-35242] (Closes: #1073126)
     - Command injection via malicious git branch name
       (GHSA-47f6-5gq3-vx9c) [CVE-2024-35241] (Closes: #1073125)
Checksums-Sha1:
 17ba234703d3d01ca4ea79e46a6a6238c1bc21b4 2103 composer_2.0.9-2+deb11u3.dsc
 97be85e2cf972b932ba1ac9c7c40b2eb3ea40a49 31024 composer_2.0.9-2+deb11u3.debian.tar.xz
 0147cb28c9eb59068543732aa067d5557983a2a2 9586 composer_2.0.9-2+deb11u3_amd64.buildinfo
Checksums-Sha256:
 25eb7151832b8d66ba431bac76c43bee035d888c705bd87eb3266f547633e865 2103 composer_2.0.9-2+deb11u3.dsc
 9b698296975118a00ad7c80ccae6025c4de0b62fdea46a0d7d6e9d67c2ecf416 31024 composer_2.0.9-2+deb11u3.debian.tar.xz
 0e6f4c5cd3a571c84220cbd36f4a7560e8bc330d1e1f802fe15544e544ded9d8 9586 composer_2.0.9-2+deb11u3_amd64.buildinfo
Files:
 2afd26b459e781b0719942725e97c27b 2103 php optional composer_2.0.9-2+deb11u3.dsc
 8decf869c99ca9fb1113a0e41464eca9 31024 php optional composer_2.0.9-2+deb11u3.debian.tar.xz
 250778ed040f42dac1dd96466bfcdf8d 9586 php optional composer_2.0.9-2+deb11u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmZwH3ISHHRhZmZpdEBk
ZWJpYW4ub3JnAAoJEAWMHPlE9r08VtwH/046SKe+DhI2Lj7Xtdc0niO888mtDzva
VgFo6FfnIfRYIqyMuGNEWXy9w0bFJFBmDU/OCWNlzq09k4gRVtpoXelnxbhko+Fn
Abn6eBNu81OzKG/8AvOoDnlC0MKhbAxjLaCp/cVWe683YjRzR6Wg8Zzy+VkBopgJ
DJpE7PTOQlJiCuExquFeRLeDOp4Nf3TWb35zfWD+pWjskJUJja4c3nmUkYFBZS9e
WQ6Ooyw6JpHv1LnjZHIC3uQNJRl3KdXPXpGGIboVlpVQtbuQSSjoTxizolIDPno0
fLa0ooiYDN6wGBpTryYEKSeaIMNXM7LwIBY1AaxN8ckExeRQKHg6wx4=
=Yw/i
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20240618/43e82938/attachment.sig>


More information about the pkg-php-pear mailing list