Format: 1.8
Date: Wed, 19 Jun 2024 11:57:13 -0700
Source: composer
Architecture: source
Version: 1.8.4-1+deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Closes: 1073125 1073126
Changes:
 composer (1.8.4-1+deb10u4) buster-security; urgency=high
 .
   * Non-maintainer upload by the Debian LTS team.
   * CVE-2024-35241: Prevent a command-line injection vulnerability in the
     'status', 'reinstall' and 'remove' functionality where packages
     installed via Git that used maliciously-crafted branch names could have
     been used to execute arbitrary shell commands. (Closes: #1073125)
   * CVE-2024-35242: Prevent a command-line injection vulnerability in the
     'install' functionality where packages installed via Hg or Git that used
     maliciously-crafted branch names could have been used to execute
     arbitrary shell commands. (Closes: #1073126)