-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 14 Jun 2024 08:01:19 +0200 Source: composer Architecture: source Version: 2.5.5-1+deb12u2 Distribution: bookworm-security Urgency: medium Maintainer: Debian PHP PEAR Maintainers Changed-By: David Prévot Closes: 1073125 1073126 Changes: composer (2.5.5-1+deb12u2) bookworm-security; urgency=medium . * Include security fixes from 2.7.7: - Multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf) [CVE-2024-35242] (Closes: #1073126) - Command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c) [CVE-2024-35241] (Closes: #1073125) Checksums-Sha1: 304cf6eca620fbf34ce802cc09a3f27490feeadd 2391 composer_2.5.5-1+deb12u2.dsc 54503e38a0659af490a8a791d30580c5521e03bc 20152 composer_2.5.5-1+deb12u2.debian.tar.xz 86356bbc66f52aefdf4f1552a0c8c59e063ee307 9467 composer_2.5.5-1+deb12u2_amd64.buildinfo Checksums-Sha256: b11887416eea5f358eaf2ec8875eb83d984dd4d65f747af621c89d4d7bc4377c 2391 composer_2.5.5-1+deb12u2.dsc 2cb597ed19127e1c1ed35de749f282f68a2ab228ddd9155f5a0ecb95f06ce96b 20152 composer_2.5.5-1+deb12u2.debian.tar.xz 7be89f57557f8fb4828c2f668b04e83e4fd1904343d0b6bbe698ca7d91fab3d0 9467 composer_2.5.5-1+deb12u2_amd64.buildinfo Files: add278e1bb46637b6c70a7b310b45f0e 2391 php optional composer_2.5.5-1+deb12u2.dsc dddb4e340e9235718071b7641d948407 20152 php optional composer_2.5.5-1+deb12u2.debian.tar.xz 525368e7ff656c7ca691192b6857843e 9467 php optional composer_2.5.5-1+deb12u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmZwH3ISHHRhZmZpdEBk ZWJpYW4ub3JnAAoJEAWMHPlE9r08SGUH/2JC5oOPBBhN7OTtXeiiT4jTix02EvoC cTijWdwH+30vKLMkZoSAMX7TLEuvlwuSoZCP7OKxFwLe89zwmvlA1aeXv013Azzj eRHf6MmMb641DzpuDYcjBM1zD11V/xMgPkzVVubgQgxSHlcFKToBr9EDeay/B/rC dBnvQ6gy+pC0RtppQT9UD+BLiVph7w7RzyvpEXqq69zQZeN40WZAtcEmRwh3logy 4sCVkM7AY2J3RqZ8JhNRjwbauPaE7vOG4xmdfckcDv0tOvzjLOQev3VAtYGMLCwS fj1AQu8CH+yIcMpIEAgpQqzvaqwedh6Wv9SZAs6OzP5mOC5rUd7aECI= =0bkr -----END PGP SIGNATURE-----