[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1098872: bookworm-pu: package php-nesbot-carbon/2.65.0-1+deb12u1



Control: tags -1 - moreinfo

Hi,

On Tue, Feb 25, 2025 at 01:35:09PM +0200, Adrian Bunk wrote:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm moreinfo
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: security@debian.org, Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
> 
>   * CVE-2025-22145: Arbitrary file include in Carbon::setLocale
> 
> Tagged moreinfo, as question to the security team whether they want
> this in -pu or as DSA.

This IMHO does not really warrant a DSA. I have marked it accordingly
in the security-tracker for bookworm.

Regards,
Salvatore


Reply to: