[ubuntu/impish-proposed] php-pear 1:1.10.12+submodules+notgz+20210212-1ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Jul 28 15:08:10 UTC 2021
php-pear (1:1.10.12+submodules+notgz+20210212-1ubuntu1) impish; urgency=medium
* SECURITY REGRESSIONS:
- debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
- debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
submodules/Archive_Tar/Archive/Tar.php.
* SECURITY UPDATE: incorrect symlink extraction
- debian/patches/CVE-2021-32610.patch: properly fix symbolic link path
traversal in submodules/Archive_Tar/Archive/Tar.php.
- CVE-2021-32610
Date: Wed, 28 Jul 2021 10:39:27 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/php-pear/1:1.10.12+submodules+notgz+20210212-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 28 Jul 2021 10:39:27 -0400
Source: php-pear
Built-For-Profiles: noudeb
Architecture: source
Version: 1:1.10.12+submodules+notgz+20210212-1ubuntu1
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
php-pear (1:1.10.12+submodules+notgz+20210212-1ubuntu1) impish; urgency=medium
.
* SECURITY REGRESSIONS:
- debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
- debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
submodules/Archive_Tar/Archive/Tar.php.
* SECURITY UPDATE: incorrect symlink extraction
- debian/patches/CVE-2021-32610.patch: properly fix symbolic link path
traversal in submodules/Archive_Tar/Archive/Tar.php.
- CVE-2021-32610
Checksums-Sha1:
855ebe05e1a1c59cd1a7780ec317013ed274fbe5 2267 php-pear_1.10.12+submodules+notgz+20210212-1ubuntu1.dsc
8f7c9b83d9a49a7f69d590f707fe6274642d8933 8140 php-pear_1.10.12+submodules+notgz+20210212-1ubuntu1.debian.tar.xz
eb5d34f16643e8e6fbb29ee2d8790bcba5b4087d 6935 php-pear_1.10.12+submodules+notgz+20210212-1ubuntu1_source.buildinfo
Checksums-Sha256:
ae0edc7bb3442bc9497f8ae5dd8dc9ae06e03429bc31f2541bf1a2a8f130b232 2267 php-pear_1.10.12+submodules+notgz+20210212-1ubuntu1.dsc
ea809a18fc7f8882d83795c4cdacffbe409031cfc8397f3516b169eddcfc9ba2 8140 php-pear_1.10.12+submodules+notgz+20210212-1ubuntu1.debian.tar.xz
751fbdfbfb4a7cb1b4363eb2deaba29ddfa8859bb2e9fdfc3841f3fba294b2c3 6935 php-pear_1.10.12+submodules+notgz+20210212-1ubuntu1_source.buildinfo
Files:
c2f43101dce36a7e6851888ca607d628 2267 php optional php-pear_1.10.12+submodules+notgz+20210212-1ubuntu1.dsc
68892545593007182ddf28bb0719c887 8140 php optional php-pear_1.10.12+submodules+notgz+20210212-1ubuntu1.debian.tar.xz
0fcdf69a0b7ce9d09930f6ecdd9cb093 6935 php optional php-pear_1.10.12+submodules+notgz+20210212-1ubuntu1_source.buildinfo
Original-Maintainer: Debian PHP Maintainers <team+pkg-php at tracker.debian.org>
More information about the impish-changes
mailing list