-----------------------------------------------------------------------
Debian LTS Advisory DLA-2654-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Utkarsh Gupta
May 12, 2021                                  https://wiki.debian.org/LTS
-----------------------------------------------------------------------

Package        : composer
Version        : 1.2.2-1+deb9u1
CVE ID         : CVE-2021-29472

It was discovered that composer, a dependency manager for PHP, did not
properly sanitize Mercurial URLs, which could lead to arbitrary code
execution.

For Debian 9 stretch, this problem has been fixed in version
1.2.2-1+deb9u1.

We recommend that you upgrade your composer packages.

For the detailed security status of composer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/composer

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS