Publishing details

Published on 2021-02-08
Copied from ubuntu xenial in PPA for Ubuntu Security Proposed by Marc Deslauriers

Changelog

php-pear (1:1.10.1+submodules+notgz-6ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: directory traversal attack in Archive_Tar
    - debian/patches/CVE-2020-36193-1.patch: disallow symlinks to
      out-of-path filenames in submodules/Archive_Tar/Archive/Tar.php.
    - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
      virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
    - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
      submodules/Archive_Tar/Archive/Tar.php..
    - CVE-2020-36193

 -- Marc Deslauriers <email address hidden>  Thu, 04 Feb 2021 10:38:49 -0500

Available diffs

diff from 1:1.10.1+submodules+notgz-6ubuntu0.2 to 1:1.10.1+submodules+notgz-6ubuntu0.3 (1.7 KiB)

Builds

amd64

Built packages

php-pear PEAR Base System

Package files

php-pear_1.10.1+submodules+notgz-6ubuntu0.3.debian.tar.xz (7.2 KiB)
php-pear_1.10.1+submodules+notgz-6ubuntu0.3.dsc (2.1 KiB)
php-pear_1.10.1+submodules+notgz-6ubuntu0.3_all.deb (277.9 KiB)
php-pear_1.10.1+submodules+notgz.orig.tar.gz (2.1 MiB)