Bug#1128481: marked as done (php-zumba-json-serializer: CVE-2026-27206)

Mon, 02 Mar 2026 15:23:20 -0800 

Your message dated Mon, 02 Mar 2026 23:20:13 +0000
with message-id <[email protected]>
and subject line Bug#1128481: fixed in php-zumba-json-serializer 3.2.4-1
has caused the Debian Bug report #1128481,
regarding php-zumba-json-serializer: CVE-2026-27206
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1128481: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128481
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: php-zumba-json-serializer
Version: 3.2.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for php-zumba-json-serializer.

CVE-2026-27206[0]:
| Potential PHP Object Injection via Unrestricted @type in
| unserialize()

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-27206
    https://www.cve.org/CVERecord?id=CVE-2026-27206
[1] 
https://github.com/zumba/json-serializer/security/advisories/GHSA-v7m3-fpcr-h7m2
[2] 
https://github.com/zumba/json-serializer/commit/bf26227879adefce75eb9651040d8982be97b881

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: php-zumba-json-serializer
Source-Version: 3.2.4-1
Done: William Desportes <[email protected]>

We believe that the bug you reported is fixed in the latest version of
php-zumba-json-serializer, which is due to be installed in the Debian FTP 
archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
William Desportes <[email protected]> (supplier of updated 
php-zumba-json-serializer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 02 Mar 2026 16:01:59 +0100
Source: php-zumba-json-serializer
Architecture: source
Version: 3.2.4-1
Distribution: unstable
Urgency: medium
Maintainer: William Desportes <[email protected]>
Changed-By: William Desportes <[email protected]>
Closes: 1128481
Changes:
 php-zumba-json-serializer (3.2.4-1) unstable; urgency=medium
 .
   * New upstream version 3.2.4 (Closes: #1128481, CVE-2026-27206)
   * Remove now default Priority: optional
   * Remove now default Rules-Requires-Root: no
   * Bump Standards-Version to 4.7.3
   * Migrate d/watch to version 5
   * Add Security-Contact to d/u/metadata
Checksums-Sha1:
 20e3e279e2ef3469b5115231522bdeb0c0018df5 1606 
php-zumba-json-serializer_3.2.4-1.dsc
 18f7bd714852abcfd3ffd7e970d483109aa6edba 15856 
php-zumba-json-serializer_3.2.4.orig.tar.xz
 ce8fd8020ce66ad2b4fba0a07e8ed75931dc551c 2948 
php-zumba-json-serializer_3.2.4-1.debian.tar.xz
 78d9b615e93bc5645fcf73f77653d34c667d9689 11138 
php-zumba-json-serializer_3.2.4-1_source.buildinfo
Checksums-Sha256:
 11d3f4a2a7b67b562a0714a8076017f57672153f511a8f719fa4a3b5f1f2944a 1606 
php-zumba-json-serializer_3.2.4-1.dsc
 d329368caead3ff295ff6b1059e3f646600b627a64ae085e4fdaf14bfdd182b0 15856 
php-zumba-json-serializer_3.2.4.orig.tar.xz
 089aca9117724899415faab0f4f2c1b5a3374480298da507325258ce09d1f5cd 2948 
php-zumba-json-serializer_3.2.4-1.debian.tar.xz
 09c75f218a0398d10b0515a4ba335e80b98697a874fba3710e25992796aaf744 11138 
php-zumba-json-serializer_3.2.4-1_source.buildinfo
Files:
 77f87733bb3d3265a2efd8f8a1e07d7f 1606 php optional 
php-zumba-json-serializer_3.2.4-1.dsc
 d8ac1f2079f194fd0d5e052ab584fcd1 15856 php optional 
php-zumba-json-serializer_3.2.4.orig.tar.xz
 75b108f8b2f38020e91e359c0800988b 2948 php optional 
php-zumba-json-serializer_3.2.4-1.debian.tar.xz
 7587f33824c3b2915506e68abd0d78f4 11138 php optional 
php-zumba-json-serializer_3.2.4-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQTUOpr7jDz/A89V91JwaE9HF9SaMQUCaaYXaAAKCRBwaE9HF9Sa
MT+aAP9jQ8AznOccQ7AHD6aitODnHs+7i/wQ2rdyT0PQQBrujQEA52jobzl5tPFM
Tps3nGozyUDxMQgkBcmyg26Rcsvo4Q4=
=AygQ
-----END PGP SIGNATURE-----

Attachment: pgprGUULcrDhx.pgp
Description: PGP signature


--- End Message ---

Reply via email to