[ubuntu/hirsute-proposed] php-pear 1:1.10.9+submodules+notgz-1ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Nov 30 15:08:12 UTC 2020
php-pear (1:1.10.9+submodules+notgz-1ubuntu1) hirsute; urgency=medium
* SECURITY UPDATE: unserialization attack in Archive_Tar
- debian/patches/CVE-2020-2894x.patch: catch additional malicious or
crafted filenames in submodules/Archive_Tar/Archive/Tar.php.
- CVE-2020-28948
- CVE-2020-28949
Date: Mon, 30 Nov 2020 09:55:16 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/php-pear/1:1.10.9+submodules+notgz-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Nov 2020 09:55:16 -0500
Source: php-pear
Architecture: source
Version: 1:1.10.9+submodules+notgz-1ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
php-pear (1:1.10.9+submodules+notgz-1ubuntu1) hirsute; urgency=medium
.
* SECURITY UPDATE: unserialization attack in Archive_Tar
- debian/patches/CVE-2020-2894x.patch: catch additional malicious or
crafted filenames in submodules/Archive_Tar/Archive/Tar.php.
- CVE-2020-28948
- CVE-2020-28949
Checksums-Sha1:
60544cddb0adb0e806fa0128712bbe546526d15d 2188 php-pear_1.10.9+submodules+notgz-1ubuntu1.dsc
fa798aa6e414361391561b35ea815ddb1dae9e5e 8456 php-pear_1.10.9+submodules+notgz-1ubuntu1.debian.tar.xz
4b0b526dbfbe1163ce18b498dbba9c0d47380f29 6766 php-pear_1.10.9+submodules+notgz-1ubuntu1_source.buildinfo
Checksums-Sha256:
5a4b14ef016c059a9f929667fd289132c649fe42c2ba024efa09e75f12341ee4 2188 php-pear_1.10.9+submodules+notgz-1ubuntu1.dsc
29b5eae5f8d3017da5d619d7919c3d9997d843680bfc36a0591dd0e1dbccd7c4 8456 php-pear_1.10.9+submodules+notgz-1ubuntu1.debian.tar.xz
5dd639ef6b46992790dcc2e870e3e3b00684c1fd76d49ab6d77071328d78e91d 6766 php-pear_1.10.9+submodules+notgz-1ubuntu1_source.buildinfo
Files:
845423b7ca70e97c38916e853886f2cb 2188 php optional php-pear_1.10.9+submodules+notgz-1ubuntu1.dsc
2a45152683b1ba644b4cdd00a2eb87d1 8456 php optional php-pear_1.10.9+submodules+notgz-1ubuntu1.debian.tar.xz
dec7679fbb12936d0c0266be4e4b7f01 6766 php optional php-pear_1.10.9+submodules+notgz-1ubuntu1_source.buildinfo
Original-Maintainer: Debian PHP Maintainers <team+pkg-php at tracker.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl/FCogACgkQZWnYVadE
vpMW9Q//WS0QwdxRbB4gEaOhLSdItu/+z/n2oRH5crYKf+Vl/IgelEioTWA6o/Ph
VxEQSfdeK2jVeofpIkd9ZfWfTBiVrlYT+xvbnIaEpmQ6Lyqmerk01adOHKcJqhUV
Xzc4qLaP/BoJhBEwdpnXgjBAhEe0V/SvJQ6wLaazaEsrtclkSYe5HCxd9QV1ZwL5
KSA+0q+lrjwuGM/rxrDBO4fiPysEulzYtFQuFkBC3gxv8euYPBs+wpCDqaKm0zcR
GBWZ4BXNGetxI9/jXHiUUQEkIxnXX+KJb/TAb6Wevm4XhzURSzEJCtnbVHFfZk5r
e80j44Pn6w+0nn2fr88TQNlsiEamLRUaMYGyP/ttGzfeF0eDWirNmP71TGCGxiwD
x0oK4QY7a2uLJNkzei+6DJlkJ/vAnSby9twlKOSwz5HmZfM7caqIvd5uXckTYYx4
JP3BEuVS63xNzikUUJ5nHyDiQ+sbNUhkEo0RDjmOR4fX5uN9i5Smh6ZmeIZjkN9B
qlcqVDITnQjB31jm9W3vRZoCI28L0bB2zwjtNQO/H9iJEgq8ws6IsaqU1hO8QSHf
fSSJkaUHoAD0bhjg3mAH2mOMWf+JXIoQdm/6gFJ5l0nE0k0A6Xk2Gsazr1wIuG84
uPyxk2WmhlsC+z8BjehEE3/+OtoiSJyIUSMQ8oHayNJ4y7NfRZA=
=X4Fl
-----END PGP SIGNATURE-----
More information about the Hirsute-changes
mailing list