Accepted composer 2.5.5-1+deb12u4 (source) into oldstable-proposed-updates

Debian FTP Masters Mon, 04 May 2026 02:33:15 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 12:33:06 +0200
Source: composer
Architecture: source
Version: 2.5.5-1+deb12u4
Distribution: bookworm
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <[email protected]>
Changed-By: David Prévot <[email protected]>
Changes:
 composer (2.5.5-1+deb12u4) bookworm; urgency=medium
 .
   * Fix command injection via malicious Perforce source reference/url
     [CVE-2026-40261]
   * Fix ommand injection via malicious Perforce repository definition
     [CVE-2026-40176]
   * Fix remote Code Execution via web-accessible composer.phar
     [CVE-2023-43655]
Checksums-Sha1:
 850719837677af2463a4b37ba367d9c0dbdd5277 2391 composer_2.5.5-1+deb12u4.dsc
 5fd92907014f33ddf3be657114149480b9b329eb 23424 
composer_2.5.5-1+deb12u4.debian.tar.xz
 f7a681d3255ce96931e5f3b7a6bf8d80a416a8d8 10275 
composer_2.5.5-1+deb12u4_amd64.buildinfo
Checksums-Sha256:
 a3771087fd25596915128d9e8c5eb97a51863d7cf9398ba80e4b43c1f1be2cb5 2391 
composer_2.5.5-1+deb12u4.dsc
 2b7c3a1f867bc40161e5ca2b8c58df10eaf5e40f2d11febacd3729dd09961ddf 23424 
composer_2.5.5-1+deb12u4.debian.tar.xz
 b921aa898eab48904e253eb1ec878804cceec7dcc652342df8eb4e0b49ce017a 10275 
composer_2.5.5-1+deb12u4_amd64.buildinfo
Files:
 c7709fa2466587c0903d6e6fcd18592e 2391 php optional composer_2.5.5-1+deb12u4.dsc
 ca9c7b4d2cf8cadc35e20d40a6dc46cd 23424 php optional 
composer_2.5.5-1+deb12u4.debian.tar.xz
 d03cbc7b4ae803bf244535748175e1d3 10275 php optional 
composer_2.5.5-1+deb12u4_amd64.buildinfo

pgpSA24ZK11Qj.pgp
Description: PGP signature

Accepted composer 2.5.5-1+deb12u4 (source) into oldstable-proposed-updates

Reply via email to