-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 19 Apr 2026 13:13:52 +0200
Source: composer
Architecture: source
Version: 2.10.0~rc1-2
Distribution: experimental
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Changed-By: David Prévot <taffit@debian.org>
Changes:
composer (2.10.0~rc1-2) experimental; urgency=medium
.
* Fix command injection via malicious Perforce repository definition
[CVE-2026-40261]
* Fix command injection via malicious Perforce source reference/url
[CVE-2026-40176]
Checksums-Sha1:
5da22d1b4aa1b3e2177556b1d53a89436bd9edb3 2334 composer_2.10.0~rc1-2.dsc
d7378d956d1c87cf7ef1b6acbcb7907ee042b5a5 55428 composer_2.10.0~rc1-2.debian.tar.xz
a8d8242846fe4dcb7ee3311d594dc355f14ac38d 9622 composer_2.10.0~rc1-2_amd64.buildinfo
Checksums-Sha256:
7427d94e6a9086835e6ac101b7a5726ce4c261074bca44832ea1f8b6969222f0 2334 composer_2.10.0~rc1-2.dsc
2cdeab7cb611c5553ec45d89e068c3c9f90b5e2257eaade6e776ffea38fa5fae 55428 composer_2.10.0~rc1-2.debian.tar.xz
663db00e39620014b4aef3e57a1133190f877c446e41702d2a4d2c4223647fd0 9622 composer_2.10.0~rc1-2_amd64.buildinfo
Files:
7293a6003b64166b46b74fd7e4a2b87c 2334 php optional composer_2.10.0~rc1-2.dsc
56ade4c8e18356c19e977c68bcbed420 55428 php optional composer_2.10.0~rc1-2.debian.tar.xz
c4559ebe21a4a5ff90a0cca1e0210bd5 9622 php optional composer_2.10.0~rc1-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFGBAEBCgAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmnkuzoSHHRhZmZpdEBk
ZWJpYW4ub3JnAAoJEAWMHPlE9r08GI0H/1Nctw6zdVDLG7b+O6yaNAdssfomOJGh
S8Ou3jyFNBj1tU/A+FQ3nJmGZggY6R2eOEPeov1oN/mZe10dYkWD0vSLGw3Z6zR8
XU6w1z6ogQ5I3z7GfHYQ5uNJmhgXDEMLaGtM7rDZeR8WB6ioBQlpmHMVA1DcSXWP
I7pbYXpnAlrsj7kW0hWiwX04K1YclCM7Gw+ltvrohZUO1xmuhCsue7C1kAaVSQUP
nDQ/7V/XWKckch2qieyZ0kqpc6CktXoAK3te6Jd6Yocg0ZaYKCucxpmneFRAtnGN
1CEmhsD9BY55OzIyN7lZLLOgolP4vd7MzFuIEMVKQSqKV5bHipOc9TY=
=MJYz
-----END PGP SIGNATURE-----
