Your message dated Fri, 23 Apr 2021 19:32:56 +0000
with message-id <e1la1xs-000gog...@fasolo.debian.org>
and subject line Bug#980428: fixed in php-pear 1:1.10.6+submodules+notgz-1.1+deb10u2
has caused the Debian Bug report #980428,
regarding Disallow symlinks to out-of-path filenames (CVE-2020-36193)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
980428: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980428
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: php-pear
Version: 1:1.10.9+submodules+notgz-1.1
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Hi,

The latest (1.4.11) Archive_Tar adds a fix related to CVE-2020-28948.

https://github.com/FriendsOfPHP/security-advisories/pull/525

Regards

David
--- End Message ---
--- Begin Message ---
Source: php-pear
Source-Version: 1:1.10.6+submodules+notgz-1.1+deb10u2
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
php-pear, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 980...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated php-pear package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

Format: 1.8
Date: Sat, 17 Apr 2021 14:08:59 +0200
Source: php-pear
Architecture: source
Version: 1:1.10.6+submodules+notgz-1.1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <pkg-php-p...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 980428
Changes:
 php-pear (1:1.10.6+submodules+notgz-1.1+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * directory traversal due to inadequate checking of symbolic links
     (CVE-2020-36193) (Closes: #980428)
     - Disallow symlinks to out-of-path filenames
     - Add testcase for relative and in-path symlink
     - Fix out-of-path check for virtual relative symlink
     - PHP compat fix
--- End Message ---