Accepted composer 1.2.2-1+deb9u1 (source all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 10 May 2021 03:14:19 +0530
Source: composer
Binary: composer
Architecture: source all
Version: 1.2.2-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Changed-By: Utkarsh Gupta <utkarsh@debian.org>
Description:
 composer - dependency manager for PHP
Changes:
 composer (1.2.2-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Add patch to fix CVE-2021-29472.
     - Security: Fixed command injection vulnerability.
       Fix external process calls to avoid user input being
       able to pass extra parameters in HgDriver/HgDownloader
       and hardened other VCS drivers and downloaders.
       (GHSA-h5h8-pc6h-jvvx)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----