php-pear 1:1.10.5+submodules+notgz-1ubuntu1.18.04.1 source package in Ubuntu


php-pear (1:1.10.5+submodules+notgz-1ubuntu1.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: unserialization vulnerability in Archive_Tar
    - debian/patches/CVE-2018-1000888.patch: don't allow filenames to start
      with phar:// in submodules/Archive_Tar/Archive/Tar.php.
    - CVE-2018-1000888

 -- Marc Deslauriers <email address hidden>  Fri, 11 Jan 2019 13:23:21 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2019-01-11
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Bionic updates on 2019-01-14 main php
Bionic security on 2019-01-14 main php


Bionic: [FULLYBUILT] amd64


File Size SHA-256 Checksum
php-pear_1.10.5+submodules+notgz.orig.tar.gz 2.1 MiB c47dff694bc69768c197d7b965aa6032a4243e40bafb30b400c2d32f959d3be0
php-pear_1.10.5+submodules+notgz-1ubuntu1.18.04.1.debian.tar.xz 6.7 KiB 84553981076784ed4c7cb8273948df4775986383055f5a1ea259cd012148d203
php-pear_1.10.5+submodules+notgz-1ubuntu1.18.04.1.dsc 2.1 KiB 629c6d8ac44925dfcdab8c8955c77c37247eaee0eb5d6c5848f73adf07c06648

View changes file

Binary packages built by this source

php-pear: PEAR Base System

 The PEAR package contains:
  * the PEAR installer, for creating, distributing
 and installing packages
  * the PEAR_Exception PHP error handling mechanism
  * the PEAR_ErrorStack advanced error handling mechanism
  * the PEAR_Error error handling mechanism
  * the OS_Guess class for retrieving info about the OS
 where PHP is running on
  * the System class for quick handling of common operations
 with files and directories
  * the PEAR base class
 Features in a nutshell:
  * full support for channels
  * pre-download dependency validation
  * new package.xml 2.0 format allows tremendous flexibility while maintaining
  * support for optional dependency groups and limited support for
  * robust dependency support
  * full dependency validation on uninstall
  * remote install for hosts with only ftp access - no more problems with
 restricted host installation
  * full support for mirroring
  * support for bundling several packages into a single tarball
  * support for static dependencies on a url-based package
  * support for custom file roles and installation tasks