Bug#1098872: bookworm-pu: package php-nesbot-carbon/2.65.0-1+deb12u1
Control: tags -1 - moreinfo
Hi,
On Tue, Feb 25, 2025 at 01:35:09PM +0200, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm moreinfo
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: security@debian.org, Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
>
> * CVE-2025-22145: Arbitrary file include in Carbon::setLocale
>
> Tagged moreinfo, as question to the security team whether they want
> this in -pu or as DSA.
This IMHO does not really warrant a DSA. I have marked it accordingly
in the security-tracker for bookworm.
Regards,
Salvatore
Reply to: