-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 06 Dec 2020 16:03:59 +0100 Source: php-pear Architecture: source Version: 1:1.10.6+submodules+notgz-1.1+deb10u1 Distribution: buster-security Urgency: high Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 976108 Changes: php-pear (1:1.10.6+submodules+notgz-1.1+deb10u1) buster-security; urgency=high . * Non-maintainer upload by the Security Team. * ensure we catch additional malicious/crafted filenames (CVE-2020-28948, CVE-2020-28949) (Closes: #976108) Checksums-Sha1: 2330d4708878fd03a96b56ec5815ff98e3dc9ddf 2284 php-pear_1.10.6+submodules+notgz-1.1+deb10u1.dsc d2d23d9bfcdfce2af7a2ecf78475c725816f4999 2212375 php-pear_1.10.6+submodules+notgz.orig.tar.gz c0934b0e2f73bad8e9d50d9f35b3f9e841ff5ba1 6900 php-pear_1.10.6+submodules+notgz-1.1+deb10u1.debian.tar.xz Checksums-Sha256: 756f6a58d08c040c8cb330342e67cd8c5a4fab6ca162e52de68882c9ba428f3c 2284 php-pear_1.10.6+submodules+notgz-1.1+deb10u1.dsc 239d656f5b88a914552ac10b524551bf052b3f59aa9c57995c8aed6e48b15389 2212375 php-pear_1.10.6+submodules+notgz.orig.tar.gz 41d2d3ba60b92f3950db892f48b7c1f08ecd248cf1439b4a943e91374cced032 6900 php-pear_1.10.6+submodules+notgz-1.1+deb10u1.debian.tar.xz Files: b411b67725bd1860f63868c697ed2fcb 2284 php optional php-pear_1.10.6+submodules+notgz-1.1+deb10u1.dsc 781a7e0d311e16ca7b5e64fcb66b6eac 2212375 php optional php-pear_1.10.6+submodules+notgz.orig.tar.gz 950da5acb41c811754e0c5d87e3876c8 6900 php optional php-pear_1.10.6+submodules+notgz-1.1+deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/M8+dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89ELy4P/2DZkR88dfYnPzA4YJ85GpxzoheJq/qY 0ELVkzWyvJxuCKixefXXsHqzcxKNJtOhbuEejBv6DTLs3LinVeBGyeOcQc63198r rL7nXzU43E63Wp+epi5vgojO6vzwDjaFDoLlJguCTW0YVJaXKK89BYdCe0Uf0dLr gVuldYRf/pW58DpdXU6yxXdG2NzCIcBN5hK1URh/9vBYmPLR8jVT4VmsdKL1QNPW YvjGo50B/nbtfY/lWaexS6bPnmhcVhT8xUK33j8ykHInQUb9WA5QqZmx7SPWLZxN aJoyvOlcr41gXatpnUDTR7hRCSomFCuPKZWfAC/ICj9lPEvwZMeKTSfxxiKVYqdg DNAbxQgF/D+ETJWxZSw2hPsBu0FZw/WtJfegsSSQXRYrK1YOvocDMc8uYWSlookr h0YPqz6K0f+erpzKU/3V5mssX/guPMroijSaA5W4ttpvNpyNXRL5KiB1EYxp5GEU WI711fxGtXlPFPcTbmv5ngvcLbLdNHn9c/Px1m9L2TsVbGBGJcZAijpWNtTWNs9j XOoEZVUgXC+E9UwZtmPjalqy6UZLVAxYs4GzahmOnY9ZJjcuqJGaJRhPqsl4mY5t BWiN2C1bKkkzuUwn8olPNsqC1GTKq+DI0IUx4+dvw0CjGXeFoLctIJK/Em9yjtTo D4E95VaZCHsk =7jk0 -----END PGP SIGNATURE-----