php-pear (1:1.10.9+submodules+notgz-1ubuntu0.20.10.2) groovy-security; urgency=medium
* SECURITY UPDATE: directory traversal attack in Archive_Tar
- debian/patches/CVE-2020-36193-1.patch: disallow symlinks to
out-of-path filenames in submodules/Archive_Tar/Archive/Tar.php.
- debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
- debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
submodules/Archive_Tar/Archive/Tar.php.
- CVE-2020-36193
-- Marc Deslauriers <email address hidden> Thu, 04 Feb 2021 10:36:47 -0500
-
php-pear (1:1.10.9+submodules+notgz-1ubuntu0.20.10.1) groovy-security; urgency=medium
* SECURITY UPDATE: unserialization attack in Archive_Tar
- debian/patches/CVE-2020-2894x.patch: catch additional malicious or
crafted filenames in submodules/Archive_Tar/Archive/Tar.php.
- CVE-2020-28948
- CVE-2020-28949
-- Marc Deslauriers <email address hidden> Mon, 30 Nov 2020 09:55:16 -0500
-
php-pear (1:1.10.9+submodules+notgz-1) unstable; urgency=low
[ Ondřej Surý ]
* Update PEAR to 1.10.8
* Update Archive_Tar to 1.4.6
* Update Console_Getopt to 1.4.2
* Update maintainer address
* Update gbp.conf for salsa and enable pristine-tar
* Bump policy to recent version (no change)
[ Mathieu Parent ]
* Update PEAR to 1.10.9
- Fixes count() on non Countable (Closes: #890433)
* Update Archive_Tar to 1.4.7
* Update Structures_Graph to v1.1.1 + 1 minor patch
* Add debian/README.source
* Fix package-uses-deprecated-source-override-location
* Fix insecure-copyright-format-uri
* Fix debian-watch-uses-insecure-uri
* Bump debhelper compat to 12
* Update debian/php-pear.substvars-static
* Fix manpage-has-errors-from-man
* Standards-Version: 4.4.0
* Add debian/salsa-ci.yml
* Implement the SOURCE_DATE_EPOCH specification (Closes: #750697)
-- Mathieu Parent <email address hidden> Thu, 01 Aug 2019 23:15:22 +0200