php-pear 1:1.10.9+submodules+notgz-1ubuntu0.20.04.2 source package in Ubuntu

Changelog

php-pear (1:1.10.9+submodules+notgz-1ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: directory traversal attack in Archive_Tar
    - debian/patches/CVE-2020-36193-1.patch: disallow symlinks to
      out-of-path filenames in submodules/Archive_Tar/Archive/Tar.php.
    - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
      virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
    - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
      submodules/Archive_Tar/Archive/Tar.php..
    - CVE-2020-36193

 -- Marc Deslauriers <email address hidden>  Thu, 04 Feb 2021 10:37:22 -0500

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Focal
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
php
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Focal: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
php-pear_1.10.9+submodules+notgz.orig.tar.gz 2.1 MiB d138578f93aaf595846e92b5bf5e1b65a5113c823d6fb9ee43138e55cd426c91
php-pear_1.10.9+submodules+notgz-1ubuntu0.20.04.2.debian.tar.xz 9.2 KiB 5074c5e98c38885337b5b2fca7aa8c41295ddb40bda69cdca24fd57edd928a8b
php-pear_1.10.9+submodules+notgz-1ubuntu0.20.04.2.dsc 2.2 KiB 061dd09fb43b480c4a6ee74d47fda746840c3e70b3ca78636498600e3685274a

View changes file

Binary packages built by this source

php-pear: PEAR Base System

 The PEAR package contains:
  * the PEAR installer, for creating, distributing
 and installing packages
  * the PEAR_Exception PHP5 error handling mechanism
  * the PEAR_ErrorStack advanced error handling mechanism
  * the PEAR_Error error handling mechanism
  * the OS_Guess class for retrieving info about the OS
 where PHP is running on
  * the System class for quick handling of common operations
 with files and directories
  * the PEAR base class
 Features in a nutshell:
  * full support for channels
  * pre-download dependency validation
  * new package.xml 2.0 format allows tremendous flexibility while maintaining
 BC
  * support for optional dependency groups and limited support for
 sub-packaging
  * robust dependency support
  * full dependency validation on uninstall
  * remote install for hosts with only ftp access - no more problems with
 restricted host installation
  * full support for mirroring
  * support for bundling several packages into a single tarball
  * support for static dependencies on a url-based package
  * support for custom file roles and installation tasks