-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 29 May 2022 11:55:56 +0200 Source: composer Architecture: source Version: 2.0.9-2+deb11u1 Distribution: bullseye Urgency: medium Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org> Changed-By: David Prévot <taffit@debian.org> Closes: 989315 1009960 Changes: composer (2.0.9-2+deb11u1) bullseye; urgency=medium . * Fix code injection vulnerability [CVE-2022-24828] (Closes: #1009960) * Update GitHub token pattern (Closes: #989315) * Checkout ProcessExecutorMock.php needed for updated tests Checksums-Sha1: 51bd0fcde22afbabf9c7694dd777a928a46b6b52 2103 composer_2.0.9-2+deb11u1.dsc 7f01174b027cccae81fabeb230d25237cd60c57f 23508 composer_2.0.9-2+deb11u1.debian.tar.xz fcc636a33fe5b8abddb80079c70eb542cfd95354 9609 composer_2.0.9-2+deb11u1_amd64.buildinfo Checksums-Sha256: 52a19ee9a8156e48649a9e0b5fc475f5bd412d7deae7d05cf9d8814f51c1724f 2103 composer_2.0.9-2+deb11u1.dsc 2be9160e4634f922cd6deb3565e151f4db8206185c3a0a83bda5ae5bf1c6ff08 23508 composer_2.0.9-2+deb11u1.debian.tar.xz d955fd0182b637ebe2ed59b843dfd4e2db16e2eea3c88c5ec7fd111b543704fe 9609 composer_2.0.9-2+deb11u1_amd64.buildinfo Files: f2460363246ce122bcec3e04c7db368e 2103 php optional composer_2.0.9-2+deb11u1.dsc 97652de3ce064bb89190bd301b08a5d0 23508 php optional composer_2.0.9-2+deb11u1.debian.tar.xz e2f25ba3b3a2d889b400f36b36ca3a8d 9609 php optional composer_2.0.9-2+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmKTRIcSHHRhZmZpdEBk ZWJpYW4ub3JnAAoJEAWMHPlE9r08XmcH/3FnuwRwee1qM7pMmYh5xZrH602EKPkc 74pQR4mCkq3dzd6ipco1NM1yAHndSkkMUFcxhSXKNPFz/xzAiodUvnxk0+lV2yPA g0WoT+fDnI6AadoMSukpNJzNONBoqOhuaQ43ik0rmfoFObA3BWeAoyFwehTMzBIc /XKfrdNxww4okpHEv6jRZJAQskHaMlRPmbKrU9Yq8I+y9v7pyH2AdgUpaoWJNoqc ucNXzBWetoWT/a+o/sezo8wrVeWRUbjvH2BDTQumom6a6fde9pgRhqNRJcIWksGe K658KOarT22xQ3V2Ohz6j7mD/UZXL+wKWoPy79POhj+pC4njDd8qsWk= =WNtv -----END PGP SIGNATURE-----