-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 27 Apr 2021 18:47:26 -0400
Source: composer
Architecture: source
Version: 1.8.4-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <
pkg-php-pear@lists.alioth.debian.org> Changed-By: David Prévot <
taffit@debian.org>
Changes:
composer (1.8.4-1+deb10u1) buster-security; urgency=high
.
* Use debian/buster branch
* Security: Fixed command injection vulnerability.
Fix external process calls to avoid user input being able to pass extra
parameters in HgDriver/HgDownloader and hardened other VCS drivers and
downloaders (GHSA-h5h8-pc6h-jvvx) [CVE-2021-29472]
Checksums-Sha1:
9af4139edce953b988c41ccf1b014886b3d481cb 1904 composer_1.8.4-1+deb10u1.dsc
d202319631cd905aa3b701c1e50a5c5254c2c1ca 406561 composer_1.8.4.orig.tar.gz
bba3b811ad4bb5c032583012c9fb894da122730d 10132 composer_1.8.4-1+deb10u1.debian.tar.xz
6f8ec7c5dbd33bc23f83df69bacc43abf27b2c2c 6607 composer_1.8.4-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
929ed9cfff462e73da62a15b61487109b18519acaa169a7f2e5fb0a21c654c8b 1904 composer_1.8.4-1+deb10u1.dsc
288ab33c8f11f0db4b5883d4a115a8ead8ef1a74c924f3accadc61d220ca22de 406561 composer_1.8.4.orig.tar.gz
b1bf0bb2e9b380b571ea0766b8798e79a5ccd6f74e7e45188bc357f552ada79e 10132 composer_1.8.4-1+deb10u1.debian.tar.xz
adfff81649bde008a3cb02eed442d20bfd0b5993424db7510c67289d4ef8a123 6607 composer_1.8.4-1+deb10u1_amd64.buildinfo
Files:
225717c2d0142c5c0d586ef317e03247 1904 php optional composer_1.8.4-1+deb10u1.dsc
0fb0249cc1047048c91fa1c7c6d706a4 406561 php optional composer_1.8.4.orig.tar.gz
6904f36136877b24326af227cf5092b5 10132 php optional composer_1.8.4-1+deb10u1.debian.tar.xz
05b8242600876bb070d0a62eade2f2f7 6607 php optional composer_1.8.4-1+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmCKj3ESHHRhZmZpdEBk ZWJpYW4ub3JnAAoJEAWMHPlE9r08+bgIAITuMGfbKA1IVpfJH3m7vydm6mt47ZVM 1k0jv8pQMxjUeHfysfh3TVfAeAe9dKYZt60Yt02djI2HQTQyqo+MaLEHmhQBSvmf 65Y5dYSRWmxMZxHQBQt/xmIh6Sc/HYnw/dyrNOCEGqPZASXXKGJ2OhXMGO+Mi5K0 oyEOpyI/7vR4mAIZZUHnUWuj9I2+e88GxUKZkkQ45UZrflB6e9Ece46Vth7311aH 4nBpq4FDsyWch1ihB1eZWk6Cg1NP1GmK/DJBktM4dCW9VcizfoAZfRDdTUFQ25tv krINI9orUi3MxL5tXKB6ki/Y2b9o1PEgYjC7gyoVWv7KIiJKDuJ+65U=
=UVy2
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)