Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted composer 1.8.4-1+deb10u3 (source) into oldoldstable
Date: Tue, 26 Mar 2024 22:00:19 +0000
Signed by: Bastien ROUCARIÈS <rouca@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 04 Mar 2024 17:48:29 +0000
Source: composer
Architecture: source
Version: 1.8.4-1+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 composer (1.8.4-1+deb10u3) buster-security; urgency=high
 .
   * Non-maintainer upload.
   * Add Test suite from upstream
   * Force system dependencies loading
   * Fix CVE-2023-43655: . Users publishing a composer.phar
     to a public web-accessible server where the composer.phar
     can be executed as a php file may be subject to a
     remote code execution vulnerability if PHP also has
     `register_argc_argv` enabled in php.ini
Checksums-Sha1:
 97280f22af00097343c851c42d92965367cb9a52 2356 composer_1.8.4-1+deb10u3.dsc
 64c9bd0068668de48bc25b67e620c657e25bfa70 425448 composer_1.8.4-1+deb10u3.debian.tar.xz
 cf2a23b4da7cbbcef19716a862c2740312f0aaa8 9611 composer_1.8.4-1+deb10u3_amd64.buildinfo
Checksums-Sha256:
 f90f1993e390cc31bfef036088952c06f1e16dc34e3cce7a52502325f5f76b30 2356 composer_1.8.4-1+deb10u3.dsc
 9f3fe62907d2ca006fac6d05983b27efa35d6f05f690787cb3e17bec5b867cec 425448 composer_1.8.4-1+deb10u3.debian.tar.xz
 c9e0896689a7ed27284d48554434b2151bd077874e5d2209ac8f4760ab008e1b 9611 composer_1.8.4-1+deb10u3_amd64.buildinfo
Files:
 2c74b4c9e24600494c9909a4b4639d57 2356 php optional composer_1.8.4-1+deb10u3.dsc
 d40213042e5dcee9c415f5474f8f75e8 425448 php optional composer_1.8.4-1+deb10u3.debian.tar.xz
 36b5f90d90ac75df00b1de0b65bd433b 9611 php optional composer_1.8.4-1+deb10u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmYDQOsRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF+VrxAAqvFnNFPJ+gALEJSaIUuwFa4YfiX8AgDi
JcTqO3Cg84ZzxY0eD5sy9ITsuPVhgFSVSilfVmSU7E7M7qWGwCAsjfgQBqQS/Sxj
MY2Zzj/jd5QTbDq4VKpEl2CZ77+F0089bkU5KixSXJiHIJgGmQsv0tyiQXga4+IT
f7V6KZM3O5nxOzHhCrKQwUcHdkx60X/0dY1hTlZWM0i9bmKBDaD0FUYuJo109sx9
B8nqRBof3CkIaUnzDonH0I253/57eLvewNK3hUjIJ1S1xewE7BE4Kfwv/ZIUjyGI
YYA1BId6qTnYYOjc3kGH4z5j+EQ5X/mV6dbFnniV2XPPi1d6TVJ++73eBoZhfsHN
dGXPI3k+p4B0WF3Keaz+3PlkHqgvIICOMyjy1kHpk/3gHh6sBqAqQQt0N8fNiLEq
W5TcQoA+v+UxAt/vrIZtb42QCjlHg2m9peKqbsvz9we8JzfnKr1ssPHYDQdTZWuA
UBj+UpDewFT3sq048sac2Tc9BkM06Eg9SI6VWaSIzkHLSAznixJTtYx7ZuKFDPIE
iM2MaINXMYxreqU/i4JyN16idYkjzbJfQpPjnxyq9PuvtSMztMNRm6errk1AZB4b
XfiUd+wEBhOi05v/HYg0lGONzFNzrB2Exe7nlEfB22SKwXHZAlgg/n78QN9BxhxV
zqY4Xl29rOU=
=41sW
-----END PGP SIGNATURE-----

News for package composer