php-pear (1:1.10.5+submodules+notgz-1ubuntu1.18.10.1) cosmic-security; urgency=medium * SECURITY UPDATE: unserialization vulnerability in Archive_Tar - debian/patches/CVE-2018-1000888.patch: don't allow filenames to start with phar:// in submodules/Archive_Tar/Archive/Tar.php. - CVE-2018-1000888 -- Marc Deslauriers <email address hidden> Fri, 11 Jan 2019 13:19:50 -0500