-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 14 Jun 2024 13:46:22 +0200 Source: composer Architecture: source Version: 2.0.9-2+deb11u3 Distribution: bullseye-security Urgency: medium Maintainer: Debian PHP PEAR Maintainers Changed-By: David Prévot Closes: 1073125 1073126 Changes: composer (2.0.9-2+deb11u3) bullseye-security; urgency=medium . * Include security fixes from 2.7.7 - Multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf) [CVE-2024-35242] (Closes: #1073126) - Command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c) [CVE-2024-35241] (Closes: #1073125) Checksums-Sha1: 17ba234703d3d01ca4ea79e46a6a6238c1bc21b4 2103 composer_2.0.9-2+deb11u3.dsc 97be85e2cf972b932ba1ac9c7c40b2eb3ea40a49 31024 composer_2.0.9-2+deb11u3.debian.tar.xz 0147cb28c9eb59068543732aa067d5557983a2a2 9586 composer_2.0.9-2+deb11u3_amd64.buildinfo Checksums-Sha256: 25eb7151832b8d66ba431bac76c43bee035d888c705bd87eb3266f547633e865 2103 composer_2.0.9-2+deb11u3.dsc 9b698296975118a00ad7c80ccae6025c4de0b62fdea46a0d7d6e9d67c2ecf416 31024 composer_2.0.9-2+deb11u3.debian.tar.xz 0e6f4c5cd3a571c84220cbd36f4a7560e8bc330d1e1f802fe15544e544ded9d8 9586 composer_2.0.9-2+deb11u3_amd64.buildinfo Files: 2afd26b459e781b0719942725e97c27b 2103 php optional composer_2.0.9-2+deb11u3.dsc 8decf869c99ca9fb1113a0e41464eca9 31024 php optional composer_2.0.9-2+deb11u3.debian.tar.xz 250778ed040f42dac1dd96466bfcdf8d 9586 php optional composer_2.0.9-2+deb11u3_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmZwH3ISHHRhZmZpdEBk ZWJpYW4ub3JnAAoJEAWMHPlE9r08VtwH/046SKe+DhI2Lj7Xtdc0niO888mtDzva VgFo6FfnIfRYIqyMuGNEWXy9w0bFJFBmDU/OCWNlzq09k4gRVtpoXelnxbhko+Fn Abn6eBNu81OzKG/8AvOoDnlC0MKhbAxjLaCp/cVWe683YjRzR6Wg8Zzy+VkBopgJ DJpE7PTOQlJiCuExquFeRLeDOp4Nf3TWb35zfWD+pWjskJUJja4c3nmUkYFBZS9e WQ6Ooyw6JpHv1LnjZHIC3uQNJRl3KdXPXpGGIboVlpVQtbuQSSjoTxizolIDPno0 fLa0ooiYDN6wGBpTryYEKSeaIMNXM7LwIBY1AaxN8ckExeRQKHg6wx4= =Yw/i -----END PGP SIGNATURE-----