-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 27 Apr 2021 18:20:52 -0400
Source: composer
Architecture: source
Version: 2.0.9-2
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Changed-By: David Prévot <taffit@debian.org>
Changes:
composer (2.0.9-2) unstable; urgency=medium
.
* Use debian/bullseye branch
* Security: Fixed command injection vulnerability.
Fix external process calls to avoid user input being able to pass extra
parameters in HgDriver/HgDownloader and hardened other VCS drivers and
downloaders (GHSA-h5h8-pc6h-jvvx) [CVE-2021-29472]
Checksums-Sha1:
c267afc153ff522c6a8d7bc518ceb217e706369a 2071 composer_2.0.9-2.dsc
1b414f4bd8c7b29f9c0cefd23ab577395523ff24 19924 composer_2.0.9-2.debian.tar.xz
2d1ace29f403bee55a12205ac76fecc773b93eca 9162 composer_2.0.9-2_amd64.buildinfo
Checksums-Sha256:
ae153c0aa9daad590819f8f9891780663b99a1c90bb62e914e2f627af489fa33 2071 composer_2.0.9-2.dsc
72695e46363ec5cc5fba8af668dea010001f5f5e2455cb72d2ef74ea6db3b3d7 19924 composer_2.0.9-2.debian.tar.xz
57406efbe2c56fb28b619d8f6d53d28184e4b36d42cb95b35bc7a91faeed1c13 9162 composer_2.0.9-2_amd64.buildinfo
Files:
dd19dea0003f6edab20c16dbd4af0bc5 2071 php optional composer_2.0.9-2.dsc
65e5b493a02251f84a64e044b0622e21 19924 php optional composer_2.0.9-2.debian.tar.xz
082d328a81e90a77059dba6b48458d7d 9162 php optional composer_2.0.9-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmCIj7MSHHRhZmZpdEBk
ZWJpYW4ub3JnAAoJEAWMHPlE9r08aKIH/2lMIhoLEBVlvIPe0IJbz8L9Lxpdc36W
Wll58WdCysmC73fyiQ2IvySuP5jOnBvYMmTkPHyGLRXPe6Z6tbn3CNwr36YITIoP
pN1kgI2bFQJic/LJ/aKTCbuOs5Z8esOQ1ChrZ7UFDfoOCHpFrgrvj+em9QwxQW9r
BKMqNn1We8xUBGqa+cxET+7RlETwnMg68k1thcPbUNWaIdxGfxew+Xadh53EnKqx
fhRBzusm7qCzAzC/9/IP6Sixprf3dzctobBxWzaBmOFZ98220m/I4kwZv1+N/Y+t
msivUd7zCJHeHHno8v9W3F8M39c+2RqVoV+k4vBeFnPWCIBM1wbK6wk=
=9pNz
-----END PGP SIGNATURE-----
