-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 28 May 2022 18:18:24 +0200 Source: composer Architecture: source Version: 1.8.4-1+deb10u2 Distribution: buster Urgency: medium Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org> Changed-By: David Prévot <taffit@debian.org> Closes: 955485 989315 1009960 Changes: composer (1.8.4-1+deb10u2) buster; urgency=medium . * Fix code injection vulnerability [CVE-2022-24828] (Closes: #1009960) * Update GitHub token pattern (Closes: #989315) * Use Authorization header instead of deprecated access_token query param (Closes: #955485) Checksums-Sha1: 6e4a8fca20b9b4719e94808e7b0e7bc0eb48ceef 1904 composer_1.8.4-1+deb10u2.dsc d202319631cd905aa3b701c1e50a5c5254c2c1ca 406561 composer_1.8.4.orig.tar.gz ac72be77e3747c29b2b885ecf8dfaa6d0d85b9c4 13064 composer_1.8.4-1+deb10u2.debian.tar.xz cfdfc533e5656587470768c0cbcc0aee04513c7b 6680 composer_1.8.4-1+deb10u2_amd64.buildinfo Checksums-Sha256: 53310c41fb83e1482c9a291bf7509f0cfcc1119a18513099f1645626ec6adf1a 1904 composer_1.8.4-1+deb10u2.dsc 288ab33c8f11f0db4b5883d4a115a8ead8ef1a74c924f3accadc61d220ca22de 406561 composer_1.8.4.orig.tar.gz 23e6590db42362576cd594fea7c8aabe8c378164822dfa7d640750dab24272e8 13064 composer_1.8.4-1+deb10u2.debian.tar.xz 1aef941fe03a282bd6236320d61795b0dc61ee3e798780a01e6a444acdbad8d9 6680 composer_1.8.4-1+deb10u2_amd64.buildinfo Files: 2f6a5a87ec66bdf25d2d44d3187ccdd1 1904 php optional composer_1.8.4-1+deb10u2.dsc 0fb0249cc1047048c91fa1c7c6d706a4 406561 php optional composer_1.8.4.orig.tar.gz 0a176b8aad179123ba8f682a77683333 13064 php optional composer_1.8.4-1+deb10u2.debian.tar.xz 34ef98cad317e22ffb370321089fe6ba 6680 php optional composer_1.8.4-1+deb10u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmKTRKESHHRhZmZpdEBk ZWJpYW4ub3JnAAoJEAWMHPlE9r08xlsIAJNUoobevU+X3afaILEtcS3Gn802koKd TCJTI/WduSlbDxwcLOtLxGVabI0qPfHE5pPAlwbGWIV+rap8bg1YpgDaGjB3tt6b yenRgmMWVY1zNhbaSal0ns4eno635UaNDZfvkyVmpbESLHIARMDjQD008ndQ7aWw 4v7qzzewwGLxSedSprYJY+sbaTLXPfaazOakOC8VdHMqQTWrAm4p3xgeOT4kaHX7 LsicdptQvWfl15XUfMaC9iS8CPSrNBL7j62mp76taF8PdcP/jkX7xtv+Ar/Pr3KT eZ+2FAOk4oHHrwCjsWhpsqeFIbsBzAUEoiRga9quH08kdxtYD6L/M4Y= =TsZe -----END PGP SIGNATURE-----