• [SECURITY] [DSA 4817-1] php-pear security update

    From Salvatore Bonaccorso@21:1/5 to All on Sat Dec 19 11:10:02 2020
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4817-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 19, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : php-pear
    CVE ID : CVE-2020-28948 CVE-2020-28949
    Debian Bug : 976108

    Two vulnerabilities were discovered in the PEAR Archive_Tar package for handling tar files in PHP, potentially allowing a remote attacker to
    execute arbitrary code or overwrite files.

    For the stable distribution (buster), these problems have been fixed in
    version 1:1.10.6+submodules+notgz-1.1+deb10u1.

    We recommend that you upgrade your php-pear packages.

    For the detailed security status of php-pear please refer to its
    security tracker page at:
    https://security-tracker.debian.org/tracker/php-pear

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/dzudfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TWeg/+KqzmeZZqlpzXqTgBCuHXAqass34G7oCV8SNKmKD+NVawTblm46rgxlLp tlKNSVQjNC7J5KInsCIGlHwuhxQPaPh/e5S5wiUvaaSHJeUtt3+AklotHsgd8mKa /Z38FLaia+7FQcpYlHNgIXYEjXufhH4wmIdAiuUM35BQTGJwAfCjnCgUbOHb7xUA O/Fjx4yWapX4vJWXjZ/IbBLF0omRf5Py9ogcVoQEjIkGyK3Nd5x/jR9Kstkn5O8U aQbd+dnvDk452DnhJtbRey58ewfyk2Hr4zA+Ew0jw1MoYUUmZhbqzcEU/Q2Y0bvA /vEsz7VZidO+YM32K94brHPnwCN3gZ7kT2bNAyK08VExruve8ii6NH5USm5jkqWY u9UOzyMxZ+crsFz2Zf6wGqZU58Muw54Nl/TJuKl2YlUUJkcXPTDiDWoBknzW7hXN zPrpdeZ3RSPiFLPwqmLBNfrO7ay9IZI+sGR8IlT3CJmVp7v724hzkuQbIRqwDTDG mkbb5JGaPFunjv2AvAdfLWjSTT89Ik8V2guxiAvk675dihzjm45RFKnDYblnoeKp zcxwFZ9Yn5Eq5RiKwHqfaOGrrrqcxYTJ5VpWDgCXZ3kmmSrzsH+Jo5MFei3mi/9T 4mfEOsnvLTDe9urMbdM3WljjMlbrqtZbzFi6xh/uq5t+cyFfbOM=
    =HoVx
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)