-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4817-1
security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 19, 2020
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : php-pear
CVE ID : CVE-2020-28948 CVE-2020-28949
Debian Bug : 976108
Two vulnerabilities were discovered in the PEAR Archive_Tar package for handling tar files in PHP, potentially allowing a remote attacker to
execute arbitrary code or overwrite files.
For the stable distribution (buster), these problems have been fixed in
version 1:1.10.6+submodules+notgz-1.1+deb10u1.
We recommend that you upgrade your php-pear packages.
For the detailed security status of php-pear please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/php-pear
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/dzudfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TWeg/+KqzmeZZqlpzXqTgBCuHXAqass34G7oCV8SNKmKD+NVawTblm46rgxlLp tlKNSVQjNC7J5KInsCIGlHwuhxQPaPh/e5S5wiUvaaSHJeUtt3+AklotHsgd8mKa /Z38FLaia+7FQcpYlHNgIXYEjXufhH4wmIdAiuUM35BQTGJwAfCjnCgUbOHb7xUA O/Fjx4yWapX4vJWXjZ/IbBLF0omRf5Py9ogcVoQEjIkGyK3Nd5x/jR9Kstkn5O8U aQbd+dnvDk452DnhJtbRey58ewfyk2Hr4zA+Ew0jw1MoYUUmZhbqzcEU/Q2Y0bvA /vEsz7VZidO+YM32K94brHPnwCN3gZ7kT2bNAyK08VExruve8ii6NH5USm5jkqWY u9UOzyMxZ+crsFz2Zf6wGqZU58Muw54Nl/TJuKl2YlUUJkcXPTDiDWoBknzW7hXN zPrpdeZ3RSPiFLPwqmLBNfrO7ay9IZI+sGR8IlT3CJmVp7v724hzkuQbIRqwDTDG mkbb5JGaPFunjv2AvAdfLWjSTT89Ik8V2guxiAvk675dihzjm45RFKnDYblnoeKp zcxwFZ9Yn5Eq5RiKwHqfaOGrrrqcxYTJ5VpWDgCXZ3kmmSrzsH+Jo5MFei3mi/9T 4mfEOsnvLTDe9urMbdM3WljjMlbrqtZbzFi6xh/uq5t+cyFfbOM=
=HoVx
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)