Publishing details
Changelog
php-pear (1:1.10.1+submodules+notgz-6ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: directory traversal attack in Archive_Tar
- debian/patches/CVE-2020-36193-1.patch: disallow symlinks to
out-of-path filenames in submodules/Archive_Tar/Archive/Tar.php.
- debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
- debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
submodules/Archive_Tar/Archive/Tar.php..
- CVE-2020-36193
-- Marc Deslauriers <email address hidden> Thu, 04 Feb 2021 10:38:49 -0500
Builds
Built packages
-
php-pear
PEAR Base System
Package files