Format: 1.8
Date: Mon, 10 May 2021 03:14:19 +0530
Source: composer
Binary: composer
Architecture: source all
Version: 1.2.2-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Description:
 composer - dependency manager for PHP
Changes:
 composer (1.2.2-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Add patch to fix CVE-2021-29472.
     - Security: Fixed command injection vulnerability. Fix external
       process calls to avoid user input being able to pass extra
       parameters in HgDriver/HgDownloader and hardened other VCS
       drivers and downloaders. (GHSA-h5h8-pc6h-jvvx)