Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted composer 1.8.4-1+deb10u1 (source) into stable->embargoed, stable
Date: Thu, 29 Apr 2021 16:48:24 +0000
Signed by: David Prévot <taffit@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 27 Apr 2021 18:47:26 -0400
Source: composer
Architecture: source
Version: 1.8.4-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Changed-By: David Prévot <taffit@debian.org>
Changes:
 composer (1.8.4-1+deb10u1) buster-security; urgency=high
 .
   * Use debian/buster branch
   * Security: Fixed command injection vulnerability.
     Fix external process calls to avoid user input being able to pass extra
     parameters in HgDriver/HgDownloader and hardened other VCS drivers and
     downloaders (GHSA-h5h8-pc6h-jvvx) [CVE-2021-29472]
Checksums-Sha1:
 9af4139edce953b988c41ccf1b014886b3d481cb 1904 composer_1.8.4-1+deb10u1.dsc
 d202319631cd905aa3b701c1e50a5c5254c2c1ca 406561 composer_1.8.4.orig.tar.gz
 bba3b811ad4bb5c032583012c9fb894da122730d 10132 composer_1.8.4-1+deb10u1.debian.tar.xz
 6f8ec7c5dbd33bc23f83df69bacc43abf27b2c2c 6607 composer_1.8.4-1+deb10u1_amd64.buildinfo
Checksums-Sha256:
 929ed9cfff462e73da62a15b61487109b18519acaa169a7f2e5fb0a21c654c8b 1904 composer_1.8.4-1+deb10u1.dsc
 288ab33c8f11f0db4b5883d4a115a8ead8ef1a74c924f3accadc61d220ca22de 406561 composer_1.8.4.orig.tar.gz
 b1bf0bb2e9b380b571ea0766b8798e79a5ccd6f74e7e45188bc357f552ada79e 10132 composer_1.8.4-1+deb10u1.debian.tar.xz
 adfff81649bde008a3cb02eed442d20bfd0b5993424db7510c67289d4ef8a123 6607 composer_1.8.4-1+deb10u1_amd64.buildinfo
Files:
 225717c2d0142c5c0d586ef317e03247 1904 php optional composer_1.8.4-1+deb10u1.dsc
 0fb0249cc1047048c91fa1c7c6d706a4 406561 php optional composer_1.8.4.orig.tar.gz
 6904f36136877b24326af227cf5092b5 10132 php optional composer_1.8.4-1+deb10u1.debian.tar.xz
 05b8242600876bb070d0a62eade2f2f7 6607 php optional composer_1.8.4-1+deb10u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmCKj3ESHHRhZmZpdEBk
ZWJpYW4ub3JnAAoJEAWMHPlE9r08+bgIAITuMGfbKA1IVpfJH3m7vydm6mt47ZVM
1k0jv8pQMxjUeHfysfh3TVfAeAe9dKYZt60Yt02djI2HQTQyqo+MaLEHmhQBSvmf
65Y5dYSRWmxMZxHQBQt/xmIh6Sc/HYnw/dyrNOCEGqPZASXXKGJ2OhXMGO+Mi5K0
oyEOpyI/7vR4mAIZZUHnUWuj9I2+e88GxUKZkkQ45UZrflB6e9Ece46Vth7311aH
4nBpq4FDsyWch1ihB1eZWk6Cg1NP1GmK/DJBktM4dCW9VcizfoAZfRDdTUFQ25tv
krINI9orUi3MxL5tXKB6ki/Y2b9o1PEgYjC7gyoVWv7KIiJKDuJ+65U=
=UVy2
-----END PGP SIGNATURE-----

News for package composer