[ubuntu/hirsute-proposed] php-pear 1:1.10.9+submodules+notgz-1.1ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Feb 4 17:26:12 UTC 2021


php-pear (1:1.10.9+submodules+notgz-1.1ubuntu1) hirsute; urgency=medium

  * SECURITY UPDATE: directory traversal attack in Archive_Tar
    - debian/patches/CVE-2020-36193-1.patch: disallow symlinks to
      out-of-path filenames in submodules/Archive_Tar/Archive/Tar.php.
    - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
      virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
    - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
      submodules/Archive_Tar/Archive/Tar.php.
    - CVE-2020-36193

Date: Thu, 04 Feb 2021 10:30:44 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/php-pear/1:1.10.9+submodules+notgz-1.1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 04 Feb 2021 10:30:44 -0500
Source: php-pear
Architecture: source
Version: 1:1.10.9+submodules+notgz-1.1ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 php-pear (1:1.10.9+submodules+notgz-1.1ubuntu1) hirsute; urgency=medium
 .
   * SECURITY UPDATE: directory traversal attack in Archive_Tar
     - debian/patches/CVE-2020-36193-1.patch: disallow symlinks to
       out-of-path filenames in submodules/Archive_Tar/Archive/Tar.php.
     - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
       virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
     - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
       submodules/Archive_Tar/Archive/Tar.php.
     - CVE-2020-36193
Original-Maintainer: Debian PHP Maintainers <team+pkg-php at tracker.debian.org>
