[pkg-php-pear] composer_2.5.5-1+deb12u2_source.changes ACCEPTED into proposed-updates
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Wed Jun 19 19:17:09 BST 2024
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 14 Jun 2024 08:01:19 +0200
Source: composer
Architecture: source
Version: 2.5.5-1+deb12u2
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear at lists.alioth.debian.org>
Changed-By: David Prévot <taffit at debian.org>
Closes: 1073125 1073126
Changes:
composer (2.5.5-1+deb12u2) bookworm-security; urgency=medium
.
* Include security fixes from 2.7.7:
- Multiple command injections via malicious git/hg branch names
(GHSA-v9qv-c7wm-wgmf) [CVE-2024-35242] (Closes: #1073126)
- Command injection via malicious git branch name
(GHSA-47f6-5gq3-vx9c) [CVE-2024-35241] (Closes: #1073125)
Checksums-Sha1:
304cf6eca620fbf34ce802cc09a3f27490feeadd 2391 composer_2.5.5-1+deb12u2.dsc
54503e38a0659af490a8a791d30580c5521e03bc 20152 composer_2.5.5-1+deb12u2.debian.tar.xz
86356bbc66f52aefdf4f1552a0c8c59e063ee307 9467 composer_2.5.5-1+deb12u2_amd64.buildinfo
Checksums-Sha256:
b11887416eea5f358eaf2ec8875eb83d984dd4d65f747af621c89d4d7bc4377c 2391 composer_2.5.5-1+deb12u2.dsc
2cb597ed19127e1c1ed35de749f282f68a2ab228ddd9155f5a0ecb95f06ce96b 20152 composer_2.5.5-1+deb12u2.debian.tar.xz
7be89f57557f8fb4828c2f668b04e83e4fd1904343d0b6bbe698ca7d91fab3d0 9467 composer_2.5.5-1+deb12u2_amd64.buildinfo
Files:
add278e1bb46637b6c70a7b310b45f0e 2391 php optional composer_2.5.5-1+deb12u2.dsc
dddb4e340e9235718071b7641d948407 20152 php optional composer_2.5.5-1+deb12u2.debian.tar.xz
525368e7ff656c7ca691192b6857843e 9467 php optional composer_2.5.5-1+deb12u2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmZwH3ISHHRhZmZpdEBk
ZWJpYW4ub3JnAAoJEAWMHPlE9r08SGUH/2JC5oOPBBhN7OTtXeiiT4jTix02EvoC
cTijWdwH+30vKLMkZoSAMX7TLEuvlwuSoZCP7OKxFwLe89zwmvlA1aeXv013Azzj
eRHf6MmMb641DzpuDYcjBM1zD11V/xMgPkzVVubgQgxSHlcFKToBr9EDeay/B/rC
dBnvQ6gy+pC0RtppQT9UD+BLiVph7w7RzyvpEXqq69zQZeN40WZAtcEmRwh3logy
4sCVkM7AY2J3RqZ8JhNRjwbauPaE7vOG4xmdfckcDv0tOvzjLOQev3VAtYGMLCwS
fj1AQu8CH+yIcMpIEAgpQqzvaqwedh6Wv9SZAs6OzP5mOC5rUd7aECI=
=0bkr
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20240619/70872e9c/attachment.sig>
More information about the pkg-php-pear
mailing list