-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 21 Dec 2024 13:38:59 +0000 Source: php-laravel-framework Architecture: source Version: 6.20.14+dfsg-2+deb11u2 Distribution: bullseye-security Urgency: high Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org> Changed-By: Chris Lamb <lamby@debian.org> Closes: 1088189 Changes: php-laravel-framework (6.20.14+dfsg-2+deb11u2) bullseye-security; urgency=high . * Non-maintainer upload by the Debian LTS team. * CVE-2024-52301: When the register_argc_argv php directive was set to "on" and users called a URL with a specially-crafted query string, they were able to change the environment used by the framework when handling the request. Laravel now ignores argv values for environment detection on non-CLI APIs. (Closes: #1088189) Checksums-Sha1: f047c96fa5e9eee53cf7dcf5e9525012dfc6ec8e 4240 php-laravel-framework_6.20.14+dfsg-2+deb11u2.dsc c4ffd212b40f84dba82110febf5756e872f22b67 706308 php-laravel-framework_6.20.14+dfsg.orig.tar.xz 36685a5731c5c009e9e11041a2f2e296bfe16990 10284 php-laravel-framework_6.20.14+dfsg-2+deb11u2.debian.tar.xz 814ac2cd913c8cf4b4579be76307d8b62c80a26b 16660 php-laravel-framework_6.20.14+dfsg-2+deb11u2_amd64.buildinfo Checksums-Sha256: 7a5f594432facaf2469a97a4a30379d5fd7be522dbf61031c117c8fd0937dd52 4240 php-laravel-framework_6.20.14+dfsg-2+deb11u2.dsc 9a7bbf03fbf3a2910a6c67c421ff9407bb63a3aaa87daf85b97ce8ec952d3b28 706308 php-laravel-framework_6.20.14+dfsg.orig.tar.xz a09c3513ddcda69ac9aef69de9efd21b5728aa7ba9514e36ff891cf5d47fc8f6 10284 php-laravel-framework_6.20.14+dfsg-2+deb11u2.debian.tar.xz 5a6468e67243ac693fb70be1beabdc9497003fd6b64827db475f45379b14d51a 16660 php-laravel-framework_6.20.14+dfsg-2+deb11u2_amd64.buildinfo Files: 49ac7d1311a9ed736f883239b9e2c213 4240 php optional php-laravel-framework_6.20.14+dfsg-2+deb11u2.dsc c19c0ac99951bbcbf2096a868b47ab83 706308 php optional php-laravel-framework_6.20.14+dfsg.orig.tar.xz 77b39bb8ed7c21108ef5f62cdf1c80ef 10284 php optional php-laravel-framework_6.20.14+dfsg-2+deb11u2.debian.tar.xz 5750cb5cdd3ccd1a483ad71ee272a438 16660 php optional php-laravel-framework_6.20.14+dfsg-2+deb11u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmdmxqAACgkQHpU+J9Qx Hli8vhAAsXBnFAgnqDpO425Jj5vnuJjNCgNx2wDGRgAXugw2srCOH7n2Jdv82hSN wpg5HST5WHTVerIZHJD1gtvveldgLVy46Zd+JjqnamHJBUZI8WBQF6FYPLMSoCgT 03nlypxlsT0Sw6Np1qUK6cNaJwzIBlMUA5N+Y/Cl3/v+aDQ0WWZaolJlNIHv3Xn5 BoT6YoTt32xiPo1yk2cZqb8w2iNJ6y1DpxkLO8F0u56Qs3VdYdK7z4U/IOaM3v/u LNm5o3U04ikAbuotggxq8ykdnbNuGckKfb6PlezwFzMtO1dScXsOX0zXTAp1Zs/7 lxlFHZjdHUpSk/HKOUHhlAC1ae4zTunC0hBpyhTz5b5ZN++E+DdME3dUla2qCSQE qvl6tqDeKT9St8hDWRWeNZ5vYBQTTDokSUWkU8uTDAygLzoaZZ4XtPStqJHHzWLg 98syevSsdha+1GnyIgAkimU1Ql8aLCKpRCGrQBiNqb7K+48jkVs9cxFKmirnDlK5 dU7Jrb0kmEZ5sxc1sdU2byNvr+mlZ6Llu8UyKFia2w+J0mnS5I9uMkhmwG9AxGSf gkouepONHPGiQtWlR/22lAEvqtmtLS21Hh9/HHhvhL0W44cVBkoBXflErGOyiXLG PqAfUG/GNFxQXD/shm+KQTx1UoTp5vlxK6x2CdvDK5T1Oo5Fr7E= =l42+ -----END PGP SIGNATURE-----
