• Accepted composer 1.8.4-1+deb10u1 (source) into proposed-updates->stabl

    From Debian FTP Masters@21:1/5 to All on Fri Apr 30 18:50:02 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Tue, 27 Apr 2021 18:47:26 -0400
    Source: composer
    Architecture: source
    Version: 1.8.4-1+deb10u1
    Distribution: buster-security
    Urgency: high
    Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org> Changed-By: David Prévot <taffit@debian.org>
    Changes:
    composer (1.8.4-1+deb10u1) buster-security; urgency=high
    .
    * Use debian/buster branch
    * Security: Fixed command injection vulnerability.
    Fix external process calls to avoid user input being able to pass extra
    parameters in HgDriver/HgDownloader and hardened other VCS drivers and
    downloaders (GHSA-h5h8-pc6h-jvvx) [CVE-2021-29472]
    Checksums-Sha1:
    9af4139edce953b988c41ccf1b014886b3d481cb 1904 composer_1.8.4-1+deb10u1.dsc
    d202319631cd905aa3b701c1e50a5c5254c2c1ca 406561 composer_1.8.4.orig.tar.gz
    bba3b811ad4bb5c032583012c9fb894da122730d 10132 composer_1.8.4-1+deb10u1.debian.tar.xz
    6f8ec7c5dbd33bc23f83df69bacc43abf27b2c2c 6607 composer_1.8.4-1+deb10u1_amd64.buildinfo
    Checksums-Sha256:
    929ed9cfff462e73da62a15b61487109b18519acaa169a7f2e5fb0a21c654c8b 1904 composer_1.8.4-1+deb10u1.dsc
    288ab33c8f11f0db4b5883d4a115a8ead8ef1a74c924f3accadc61d220ca22de 406561 composer_1.8.4.orig.tar.gz
    b1bf0bb2e9b380b571ea0766b8798e79a5ccd6f74e7e45188bc357f552ada79e 10132 composer_1.8.4-1+deb10u1.debian.tar.xz
    adfff81649bde008a3cb02eed442d20bfd0b5993424db7510c67289d4ef8a123 6607 composer_1.8.4-1+deb10u1_amd64.buildinfo
    Files:
    225717c2d0142c5c0d586ef317e03247 1904 php optional composer_1.8.4-1+deb10u1.dsc
    0fb0249cc1047048c91fa1c7c6d706a4 406561 php optional composer_1.8.4.orig.tar.gz
    6904f36136877b24326af227cf5092b5 10132 php optional composer_1.8.4-1+deb10u1.debian.tar.xz
    05b8242600876bb070d0a62eade2f2f7 6607 php optional composer_1.8.4-1+deb10u1_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmCKj3ESHHRhZmZpdEBk ZWJpYW4ub3JnAAoJEAWMHPlE9r08+bgIAITuMGfbKA1IVpfJH3m7vydm6mt47ZVM 1k0jv8pQMxjUeHfysfh3TVfAeAe9dKYZt60Yt02djI2HQTQyqo+MaLEHmhQBSvmf 65Y5dYSRWmxMZxHQBQt/xmIh6Sc/HYnw/dyrNOCEGqPZASXXKGJ2OhXMGO+Mi5K0 oyEOpyI/7vR4mAIZZUHnUWuj9I2+e88GxUKZkkQ45UZrflB6e9Ece46Vth7311aH 4nBpq4FDsyWch1ihB1eZWk6Cg1NP1GmK/DJBktM4dCW9VcizfoAZfRDdTUFQ25tv krINI9orUi3MxL5tXKB6ki/Y2b9o1PEgYjC7gyoVWv7KIiJKDuJ+65U=
    =UVy2
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)