• [SECURITY] [DSA 5632-1] composer security update

    From Sebastien Delafond@21:1/5 to All on Fri Mar 15 10:10:01 2024
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5632-1 security@debian.org https://www.debian.org/security/ Sebastien Delafond February 26, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : composer
    CVE ID : CVE-2024-24821
    Debian Bug : 1063603

    It was discovered that composer, a dependency manager for the PHP
    language, processed files in the local working directory. This could
    lead to local privilege escalation or malicious code execution. Due to
    a technical issue this email was not sent on 2024-02-26 like it should

    For the oldstable distribution (bullseye), this problem has been fixed
    in version 2.0.9-2+deb11u2.

    For the stable distribution (bookworm), this problem has been fixed in
    version 2.5.5-1+deb12u1.

    We recommend that you upgrade your composer packages.

    For the detailed security status of composer please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/composer

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

    iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmX0DyUACgkQEL6Jg/PV nWSBoggAmRdaBN8p7agJH0S2fvEJWuF+gFAAY4112EeOzbHwk/Bm6EuTY9VcGTtj HlW8X3t/H1+NW5xejcm1gEaXIE2HHIc1KTaG3ui/kKC2T3ybx0cmnqYWu/TJWmw+ nbaneBK74PkXukzFvjuYaOy7a6EgnpNcMhc0b2tc/IqIUOYiePKbg4lio8u6q5rP 5uFIJydeqI0IXja6H4N0ub/zOAn6I6C3ToKMa0WnfllmrMaj/JnBbgam3VrT06n6 3NoW6xZepdMDP3QofOVWWP5HshF/0CH1BGEcKS6AtAaIgARalFMgbP6SU8NDsgNF Q3UCiuR+sTjZc2YA0muIpmBGSPVyAw==
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)