[pkg-php-pear] Bug#1136643: bookworm-pu: package composer/2.5.5-1+deb12u5
David Prévot
taffit at debian.org
Thu May 14 10:52:50 BST 2026
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: composer at packages.debian.org
Control: affects -1 + src:composer
User: release.debian.org at packages.debian.org
Usertags: pu
[ This request is similar to #1136642 for trixie-pu ]
Hi,
As agreed with the security team, I’d like to address a GitHub token
leak [CVE-2026-45793] via p-u. The change is just a regex match on code
that may not be used outside of GitHub infrastructure, and the testsuite
is updated to check for it.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
Cheers,
taffit
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20260514/755aa961/attachment.sig>
More information about the pkg-php-pear
mailing list