-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 14 Jun 2024 08:01:19 +0200 Source: composer Binary: composer Architecture: all Version: 2.5.5-1+deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: all Build Daemon (x86-csail-02) Changed-By: David Prévot Description: composer - dependency manager for PHP Closes: 1073125 1073126 Changes: composer (2.5.5-1+deb12u2) bookworm-security; urgency=medium . * Include security fixes from 2.7.7: - Multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf) [CVE-2024-35242] (Closes: #1073126) - Command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c) [CVE-2024-35241] (Closes: #1073125) Checksums-Sha1: f58e128caff9318d1275dde61d93e619a2698e4e 9899 composer_2.5.5-1+deb12u2_all-buildd.buildinfo 666b19dbd51584a1df1cfa119c76a4132dcb8208 492352 composer_2.5.5-1+deb12u2_all.deb Checksums-Sha256: 56cb47343058cf59bd6fb44f7de2fc94347edc54c916f895446dbae8488cb6dd 9899 composer_2.5.5-1+deb12u2_all-buildd.buildinfo ed5665825da4a31542649c10d905012949bcbb02fe3c53a07706c3c04233dc16 492352 composer_2.5.5-1+deb12u2_all.deb Files: abab80e1df7f06fa1b0c651ebefba297 9899 php optional composer_2.5.5-1+deb12u2_all-buildd.buildinfo 5193b19cb93bd8cf5cd09743fcb9e60f 492352 php optional composer_2.5.5-1+deb12u2_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEzcbx6nIE/ydHa1FFigL77i1GSVkFAmZwJZQACgkQigL77i1G SVm/TRAAilvN8qFX1lSCCD/gZ01uwj6s9ax3nT7Eva7KN1twCw1Iw5x98jh2gR3D B1EdkBFh/AMsSkVSgER86r5GT/RfmVNfNhp5DDp4rNUbsZdPd9t7u8WhS8A7Pdhb ynjIs+hWs4o10bOjNAXrPiyqQJEuOuWjFxBbyqPQIia7+ss1atVypRP0cC3UHPMj EtLmtRCd+S5KAqAnPDcJB0mEtqcrUraJ/ro1M7jOl+iAIaV0QHkLg0fU8qWXmX8G qHK+yk6yszdIupQO9jueuFggRYF/Ka3bj2HM/2zKxIp0lOv8UtNp2lcfAtVbjFNM /p7sQx+meS3uVHU1g5S6Yi6Q5NgMLRd7yxFWx8txAs0Qs0YYFZP2hb6AttavWRBY 3F7/KJfAAzWcKZCooVeAYpwwj8kB76FRuEgmiaS7eLaXTBD3fqijESP9D0YHts7z +lWG+ofucUl88rqZHTRYwUI/xWQWmWaFCzAstkmRcB1f8e0ysb/4lr+3UOKUfrXs DFgo6+m3Bg/0JMzkF94ufEKyIdX/wEEIam1nU6ILGnYOC5aNjuby97W/4uiUg4na kLyLJN2oI+/NBfjB+KmLk+GSIAF+dh0ydgYHcS0wUo1ke58gf6d5Y3Q2aJrTcLsP JtE6c3ekNhkBUXDf7rFo9nJJbaiX6IA6fqALWI4zryvwh4T5am0= =aSR/ -----END PGP SIGNATURE-----