Bug#980428: marked as done (Disallow symlinks to out-of-path filenames (CVE-2020-36193))

Fri, 12 Feb 2021 02:39:19 -0800 

Your message dated Fri, 12 Feb 2021 10:34:57 +0000
with message-id <e1lavmr-000hsz...@fasolo.debian.org>
and subject line Bug#980428: fixed in php-pear 
1:1.10.12+submodules+notgz+20210212-1
has caused the Debian Bug report #980428,
regarding Disallow symlinks to out-of-path filenames (CVE-2020-36193)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
980428: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980428
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: php-pear
Version: 1:1.10.9+submodules+notgz-1.1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Hi,

The latest (1.4.11) Archive_Tar adds a fix related to CVE-2020-28948.

https://github.com/FriendsOfPHP/security-advisories/pull/525

Regards

David

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message --- 
Source: php-pear
Source-Version: 1:1.10.12+submodules+notgz+20210212-1
Done: Ondřej Surý <ond...@debian.org>

We believe that the bug you reported is fixed in the latest version of
php-pear, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 980...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated php-pear package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 12 Feb 2021 09:05:38 +0100
Source: php-pear
Architecture: source
Version: 1:1.10.12+submodules+notgz+20210212-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP Maintainers <team+pkg-...@tracker.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Closes: 980428
Changes:
 php-pear (1:1.10.12+submodules+notgz+20210212-1) unstable; urgency=medium
 .
   [ Ondřej Surý ]
   * (CVE-2020-36193) Update Archive_Tar to 1.4.12 (Closes: #980428)
   * Remove .gitattributes from submodules as it breaks our build
 .
   [ Mathieu Parent ]
   * Remove all *.tgz files, to ease copyright review
Checksums-Sha1:
 74e29d8dd430a654caf7b8fcc81d925534bc79e8 2290 
php-pear_1.10.12+submodules+notgz+20210212-1.dsc
 95c4533361a01969ef0c30fff2095f55f7595c49 2221198 
php-pear_1.10.12+submodules+notgz+20210212.orig.tar.gz
 7685ad08d09cecdfd5b8d90f4b70a76d09be3ee2 6712 
php-pear_1.10.12+submodules+notgz+20210212-1.debian.tar.xz
 7a7161143b003cd3a939a86b362929c6441b174b 7033 
php-pear_1.10.12+submodules+notgz+20210212-1_amd64.buildinfo
Checksums-Sha256:
 c8b8f81eac6948c30cb182b18f80c0517ee41ff7e3dd8bf745b0431c454376b8 2290 
php-pear_1.10.12+submodules+notgz+20210212-1.dsc
 2887a634d8687f9d2a933a4660d9f8a83abe260c34724060af22299e4c382de4 2221198 
php-pear_1.10.12+submodules+notgz+20210212.orig.tar.gz
 82fdcbb893a59a5afef2bd7bd854aa23da9b885de7357615104c11b959c671f2 6712 
php-pear_1.10.12+submodules+notgz+20210212-1.debian.tar.xz
 4fba433c1ade466d370e2bd34c0220ed900766d8c17ef07c572d17a156df7416 7033 
php-pear_1.10.12+submodules+notgz+20210212-1_amd64.buildinfo
Files:
 d0ee822f5bd08ab1295f6c632505d274 2290 php optional 
php-pear_1.10.12+submodules+notgz+20210212-1.dsc
 4c4b4e72791d3d7d935cc7f3b341f19f 2221198 php optional 
php-pear_1.10.12+submodules+notgz+20210212.orig.tar.gz
 8f5f123b710aab4a092e0a211ebec275 6712 php optional 
php-pear_1.10.12+submodules+notgz+20210212-1.debian.tar.xz
 916b762a15105f0fe394d41f59c41eba 7033 php optional 
php-pear_1.10.12+submodules+notgz+20210212-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmAmU9tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz
NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u
WcJjYw/8Dd80ldhQFmtkzc9FqNuqk2dDPhB0w7YiQ3HZpzAB60YVketWxDpsPhPw
ZTcwMz/mBqX0nUZ7egLZgpqTpJGPX7geDkhlcrHoITv1Z15wXTycqi3+6hxTXDwN
Y+vGUE46VlDBeblFXWVQmuADk43GINwX78zJbDMATlYoSyqBcKioXmzM2i1cGGc6
ffghhl2IAzmJLsFrTtReU2j0lmdKAYb5fc0zceKPP1KGvFsU+2UgXccwyuu/2Ahf
/8eKh1RdHN3Zm6RAtb+Q+bI4fYOdBMQ9T9xBundIAsjUKY77sT6MseNbFEYcqMQ9
1YGVZZvBEwbaJJ3l75AHWlhtPWyLt7Li5WxmjYlHYbkvbOuS7LHbAddmt4BuYGA4
Xa8xOfGBjJhPRrwUmdbKRvQ7fUkMZtS+FdILG4MTkPYZdW/jNr2X/fO9DNdhm2ns
Zx0Ws8oM7JPAmGYQb5m25i6PUzCjT4naTquoz+uQq2mVfzdw2yY58CipqBUuq0io
VgZKJ7ZpD3gNNaVjKPQNaX7heQ5h7VoDU0sool3gWWeVtjRHYLvLRkCO8kbShApx
wev9TyJElB4yqPAc7o4s6V/Ru38NpqLqFYnPX0wRuYc+25144hnk6sltiOxu9aUc
hOfjiU5E8v1R2PPj9GBzQOHZJ7T8zB1TUrosrd4Tzq6rq0D0muQ=
=JbvM
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to