Format: 1.8
Date: Sat, 17 Apr 2021 14:08:59 +0200
Source: php-pear
Architecture: source
Version: 1:1.10.6+submodules+notgz-1.1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 980428
Changes:
 php-pear (1:1.10.6+submodules+notgz-1.1+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * directory traversal due to inadequate checking of symbolic links
     (CVE-2020-36193) (Closes: #980428)
     - Disallow symlinks to out-of-path filenames
     - Add testcase for relative and in-path symlink
     - Fix out-of-path check for virtual relative symlink
     - PHP compat fix