[pkg-php-pear] composer_2.0.9-2+deb11u3_source.changes ACCEPTED into oldstable-proposed-updates->oldstable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Jun 18 23:04:08 BST 2024
Thank you for your contribution to Debian.
Mapping oldstable-security to oldstable-proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 14 Jun 2024 13:46:22 +0200
Source: composer
Architecture: source
Version: 2.0.9-2+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear at lists.alioth.debian.org>
Changed-By: David Prévot <taffit at debian.org>
Closes: 1073125 1073126
Changes:
composer (2.0.9-2+deb11u3) bullseye-security; urgency=medium
.
* Include security fixes from 2.7.7
- Multiple command injections via malicious git/hg branch names
(GHSA-v9qv-c7wm-wgmf) [CVE-2024-35242] (Closes: #1073126)
- Command injection via malicious git branch name
(GHSA-47f6-5gq3-vx9c) [CVE-2024-35241] (Closes: #1073125)
Checksums-Sha1:
17ba234703d3d01ca4ea79e46a6a6238c1bc21b4 2103 composer_2.0.9-2+deb11u3.dsc
97be85e2cf972b932ba1ac9c7c40b2eb3ea40a49 31024 composer_2.0.9-2+deb11u3.debian.tar.xz
0147cb28c9eb59068543732aa067d5557983a2a2 9586 composer_2.0.9-2+deb11u3_amd64.buildinfo
Checksums-Sha256:
25eb7151832b8d66ba431bac76c43bee035d888c705bd87eb3266f547633e865 2103 composer_2.0.9-2+deb11u3.dsc
9b698296975118a00ad7c80ccae6025c4de0b62fdea46a0d7d6e9d67c2ecf416 31024 composer_2.0.9-2+deb11u3.debian.tar.xz
0e6f4c5cd3a571c84220cbd36f4a7560e8bc330d1e1f802fe15544e544ded9d8 9586 composer_2.0.9-2+deb11u3_amd64.buildinfo
Files:
2afd26b459e781b0719942725e97c27b 2103 php optional composer_2.0.9-2+deb11u3.dsc
8decf869c99ca9fb1113a0e41464eca9 31024 php optional composer_2.0.9-2+deb11u3.debian.tar.xz
250778ed040f42dac1dd96466bfcdf8d 9586 php optional composer_2.0.9-2+deb11u3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmZwH3ISHHRhZmZpdEBk
ZWJpYW4ub3JnAAoJEAWMHPlE9r08VtwH/046SKe+DhI2Lj7Xtdc0niO888mtDzva
VgFo6FfnIfRYIqyMuGNEWXy9w0bFJFBmDU/OCWNlzq09k4gRVtpoXelnxbhko+Fn
Abn6eBNu81OzKG/8AvOoDnlC0MKhbAxjLaCp/cVWe683YjRzR6Wg8Zzy+VkBopgJ
DJpE7PTOQlJiCuExquFeRLeDOp4Nf3TWb35zfWD+pWjskJUJja4c3nmUkYFBZS9e
WQ6Ooyw6JpHv1LnjZHIC3uQNJRl3KdXPXpGGIboVlpVQtbuQSSjoTxizolIDPno0
fLa0ooiYDN6wGBpTryYEKSeaIMNXM7LwIBY1AaxN8ckExeRQKHg6wx4=
=Yw/i
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20240618/43e82938/attachment.sig>
More information about the pkg-php-pear
mailing list