Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5632-1] composer security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5632-1] composer security update


Chronologisch Thread  
    < Chronologisch >       < Thread >
  • From: Sebastien Delafond <seb AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5632-1] composer security update
  • Date: Fri, 15 Mar 2024 09:05:24 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1rl3VE-00AsnM-EL AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Date:Message-Id:Subject:To:From:Reply-To:Cc:MIME-Version: Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=gHXDwWHP6lOWDXTtLi5aYCH6nyWuAn0I66/E3jiAmWM=; b=tk CCacRKYMJsW4OkTvn24r2uF2lba4i0nTaJFjbr0E0tDFrEVHxQBDODJd9mQfEYIBWlA2TK2SSOc/k Adhd9PJXfXzkHxogTgiT0gSoCwe20cxswugrwD/g52msrtBL5uTrBPjQFTwdDBVVF2kWXIjUhRo4h uvkGNwOug6Tek54Zz5U+/xhp6vkaHTp/zwgSvLYauR6qrIu3mSltcVn9v+9ybh6+iwJMBuE21Nwep CQjkvlC41YkQUVRi/eiSU+3/ZQ00tm9l2SYhQLXAtp+xQag12hmRjZ9U4aOcGZtJdYOQKSG6V7WNA v8PrVJNf4LZcUknYnVO2KGzss0Tw+/kQ==;
  • Old-return-path: <seb AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Fri, 15 Mar 2024 09:05:51 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <JEjsqqyx85I.A.NyG.v9A9lB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5632-1 security AT debian.org
https://www.debian.org/security/ Sebastien Delafond
February 26, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : composer
CVE ID : CVE-2024-24821
Debian Bug : 1063603

It was discovered that composer, a dependency manager for the PHP
language, processed files in the local working directory. This could
lead to local privilege escalation or malicious code execution. Due to
a technical issue this email was not sent on 2024-02-26 like it should
have.

For the oldstable distribution (bullseye), this problem has been fixed
in version 2.0.9-2+deb11u2.

For the stable distribution (bookworm), this problem has been fixed in
version 2.5.5-1+deb12u1.

We recommend that you upgrade your composer packages.

For the detailed security status of composer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/composer

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmX0DyUACgkQEL6Jg/PV
nWSBoggAmRdaBN8p7agJH0S2fvEJWuF+gFAAY4112EeOzbHwk/Bm6EuTY9VcGTtj
HlW8X3t/H1+NW5xejcm1gEaXIE2HHIc1KTaG3ui/kKC2T3ybx0cmnqYWu/TJWmw+
nbaneBK74PkXukzFvjuYaOy7a6EgnpNcMhc0b2tc/IqIUOYiePKbg4lio8u6q5rP
5uFIJydeqI0IXja6H4N0ub/zOAn6I6C3ToKMa0WnfllmrMaj/JnBbgam3VrT06n6
3NoW6xZepdMDP3QofOVWWP5HshF/0CH1BGEcKS6AtAaIgARalFMgbP6SU8NDsgNF
Q3UCiuR+sTjZc2YA0muIpmBGSPVyAw==
=y4my
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 5632-1] composer security update, Sebastien Delafond, 15.03.2024

Archiv bereitgestellt durch MHonArc 2.6.19+.

Seitenanfang