Your message dated Tue, 22 Mar 2022 07:33:52 +0000
with message-id <e1nwz1c-0002up...@fasolo.debian.org>
and subject line Bug#991541: fixed in php-pear 1:1.10.13+submodules+notgz-1
has caused the Debian Bug report #991541,
regarding php-pear: CVE-2021-32610: symbolic link path traversal
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991541: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991541
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: php-pear
Version: 1:1.10.12+submodules+notgz+20210212-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for php-pear.

CVE-2021-32610[0]:
| symbolic link path traversal

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-32610
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32610
[1] https://pear.php.net/package/Archive_Tar/download/1.4.14/
[2] https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: php-pear
Source-Version: 1:1.10.13+submodules+notgz-1
Done: Ondřej Surý <ond...@debian.org>

We believe that the bug you reported is fixed in the latest version of
php-pear, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 991...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated php-pear package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 22 Mar 2022 08:09:46 +0100
Source: php-pear
Architecture: source
Version: 1:1.10.13+submodules+notgz-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP Maintainers <team+pkg-...@tracker.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Closes: 991541
Changes:
 php-pear (1:1.10.13+submodules+notgz-1) unstable; urgency=medium
 .
   [ Marco Villegas ]
   * Update Archive_Tar to 1.4.14 (Closes: #991541)
    + Properly fix symbolic link path traversal (CVE-2021-32610)
 .
   [ Ondřej Surý ]
   * Update PEAR to 1.10.13


--- End Message ---
