Bug#1011636: guzzle: [CVE-2022-29248] Cross-domain cookie leakage
Hi Katharina, Le 09/06/2022 à 09:18, Katharina Drexel a écrit : https://salsa.debian.org/php-team/pear/php-guzzlehttp-guzzle . Problably someone with the corresponding permissions should upload the package to the Debian archive. Sure. Did you forget to push the pristine-tar branch, and your tags? It’s difficult to get the differences with the previous version (7.4.1-1) as is. d/changelog should close this bug by the way (I didn’t look further yet). Did you find our recent [documentation]? documentation: https://wiki.debian.org/Teams/DebianPHPGroup/Composer We may continue on the Debian PHP PEAR (and Composer) Maintainers list if you wish. Regards David
Bug#1011636: guzzle: [CVE-2022-29248] Cross-domain cookie leakage
Hello David, Thanks for the link. I uploaded a newer version to https://salsa.debian.org/php-team/pear/php-guzzlehttp-guzzle . Problably someone with the corresponding permissions should upload the package to the Debian archive. Regards Katharina > Guzzle 7.5.0 (and 7.4.3) has just been released fixing a > cross-domain cookie leakage. > > More information: > > https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3 signature.asc Description: PGP signature
Bug#1011636: guzzle: [CVE-2022-29248] Cross-domain cookie leakage
Package: php-guzzlehttp-guzzle Version: 7.4.1-1 Severity: serious Tags: upstream security X-Debbugs-Cc: Debian Security Team Guzzle 7.5.0 (and 7.4.3) has just been released fixing a cross-domain cookie leakage. More information: https://github.com/guzzle/guzzle/security/advisories/GHSA-cwmx-hcrq-mhc3 Regards David P.-S. Please, consider maintaining this package within the Debian PHP PEAR (and Composer) Maintainers team. FYI, I just started documenting our usual workflom. https://wiki.debian.org/Teams/DebianPHPGroup/Composer signature.asc Description: PGP signature
