Ack, it's in my queue for tomorrow now. Thanks for poking. Ondrej
On Sat, 6 Feb 2021 at 22:51, Salvatore Bonaccorso <car...@debian.org> wrote: > Control: severity -1 serous > > Hi PHP maintainers, > > On Mon, Jan 18, 2021 at 08:03:42PM -0400, David Prévot wrote: > > Package: php-pear > > Version: 1:1.10.9+submodules+notgz-1.1 > > Severity: important > > Tags: security > > X-Debbugs-Cc: Debian Security Team <t...@security.debian.org> > > > > Hi, > > > > The latest (1.4.11) Archive_Tar adds a fix related to CVE-2020-28948. > > > > https://github.com/FriendsOfPHP/security-advisories/pull/525 > > This should ideally be fixed before the bullseye release, so raising > the severity to RC. > > Regards, > Salvatore > >
