Bug#1098872: bookworm-pu: package php-nesbot-carbon/2.65.0-1+deb12u1

To: Adrian Bunk <bunk@debian.org>, 1098872@bugs.debian.org
Subject: Bug#1098872: bookworm-pu: package php-nesbot-carbon/2.65.0-1+deb12u1
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 25 Feb 2025 20:53:31 +0100
Message-id: <[🔎] Z74fuxy9g79AXS81@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1098872@bugs.debian.org
In-reply-to: <[🔎] 174048330984.1368538.12599851879422562333.reportbug@localhost>
References: <[🔎] 174048330984.1368538.12599851879422562333.reportbug@localhost> <[🔎] 174048330984.1368538.12599851879422562333.reportbug@localhost>

Control: tags -1 - moreinfo

Hi,

On Tue, Feb 25, 2025 at 01:35:09PM +0200, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm moreinfo
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: security@debian.org, Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
> 
>   * CVE-2025-22145: Arbitrary file include in Carbon::setLocale
> 
> Tagged moreinfo, as question to the security team whether they want
> this in -pu or as DSA.

This IMHO does not really warrant a DSA. I have marked it accordingly
in the security-tracker for bookworm.

Regards,
Salvatore

Reply to:

References:
- Bug#1098872: bookworm-pu: package php-nesbot-carbon/2.65.0-1+deb12u1
  - From: Adrian Bunk <bunk@debian.org>

Prev by Date: Bug#1098901: transition: Qt 6.8.2
Next by Date: Processed: Re: Bug#1098872: bookworm-pu: package php-nesbot-carbon/2.65.0-1+deb12u1
Previous by thread: Bug#1098872: bookworm-pu: package php-nesbot-carbon/2.65.0-1+deb12u1
Next by thread: Processed: Re: Bug#1098872: bookworm-pu: package php-nesbot-carbon/2.65.0-1+deb12u1
Index(es):
- Date
- Thread