Control: tags -1 confirmed Hi,
Le Thu, Jun 20, 2024 at 01:59:17PM +0200, Heiko Przybyl a écrit : > Package: composer > Version: 2.0.9-2+deb11u3 > Severity: grave > Justification: renders package unusable > X-Debbugs-Cc: h...@users.noreply.github.com, t...@security.debian.org > > Dear Maintainer, > > yesterday unattended-upgrades installed version 2.0.9-2+deb11u3 composer […] > Simple reproducer: Run composer install on the checkout of the feature-branch > of > https://github.com/htto/debian-oldstable-composer Thanks a lot for the simple PoC, I confirm I can reproduce it on Bullseye (but not Bookworm). It unfortunately wasn’t caught in our reduced CI (dropping some Git related tests because we don’t import the Git repository in the package source). Regards, taffit
signature.asc
Description: PGP signature
