Univention Bugzilla – Bug 53056
php-pear: Multiple issues (4.4)
Last modified: 2021-04-14 12:06:21 CEST
New Debian php-pear 1:1.10.1+submodules+notgz-9+deb9u3 fixes:
This update addresses the following issue:
* directory traversal due to inadequate checking of symbolic links (CVE-2020-36193)
--- mirror/ftp/4.4/unmaintained/4.4-7/source/php-pear_1.10.1+submodules+notgz-9+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/php-pear_1.10.1+submodules+notgz-9+deb9u3.dsc @@ -1,3 +1,10 @@ +1:1.10.1+submodules+notgz-9+deb9u3 [Tue, 06 Apr 2021 16:28:36 +0200] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Backport fix for Archive_Tar test suite + * CVE-2020-36193: Tar.php in Archive_Tar allows write operations with + Directory Traversal due to inadequate checking of symbolic links. + 1:1.10.1+submodules+notgz-9+deb9u2 [Mon, 23 Nov 2020 11:07:45 +0000] Chris Lamb <lamby@debian.org>: * CVE-2020-28948, CVE-2020-28949: Prevent a filename sanitisation issue where <http://piuparts.knut.univention.de/4.4-7/#6937923847948451182>
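Review bot: in the added deb9u3 changelog entry, the line "Backport fix for Archive_Tar test suite" does not say which fix was backported or whether it changes only tests, and the CVE-2020-36193 item names neither a patch file nor an upstream commit. Adding those references to the entry would let QA confirm from the changelog alone that the symbolic link check in Tar.php is the only behavioural change in this upload. The entry is also a non-maintainer upload by the LTS Security Team, so it is worth checking that the errata text matches the changelog wording "allows write operations", since the advisory summary only says "directory traversal".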
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x949>