Your message dated Tue, 22 Mar 2022 08:34:14 +0000
with message-id <e1nwzy2-0001et...@fasolo.debian.org>
and subject line Bug#991541: fixed in php-pear 1:1.10.13+submodules+notgz+2022032201-1
has caused the Debian Bug report #991541,
regarding php-pear: CVE-2021-32610: symbolic link path traversal
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
991541: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991541
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: php-pear
Version: 1:1.10.12+submodules+notgz+20210212-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for php-pear.
CVE-2021-32610[0]:
| symbolic link path traversal
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-32610
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32610
[1] https://pear.php.net/package/Archive_Tar/download/1.4.14/
[2] https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: php-pear
Source-Version: 1:1.10.13+submodules+notgz+2022032201-1
Done: Ondřej Surý <ond...@debian.org>
We believe that the bug you reported is fixed in the latest version of
php-pear, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 991...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated php-pear package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 22 Mar 2022 08:38:31 +0100
Source: php-pear
Binary: php-pear
Architecture: source all
Version: 1:1.10.13+submodules+notgz+2022032201-1
Distribution: unstable
Urgency: high
Maintainer: Debian PHP Maintainers <team+pkg-...@tracker.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Description:
php-pear -
Closes: 991541
Changes:
php-pear (1:1.10.13+submodules+notgz+2022032201-1) unstable; urgency=high
.
[ Marco Villegas ]
* Update Archive_Tar to 1.4.14 (Closes: #991541)
+ Properly fix symbolic link path traversal (CVE-2021-32610)
.
[ Ondřej Surý ]
* Update PEAR to 1.10.13
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---