
it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 5715-1] composer security update

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 5715-1] composer security update
  • Date: Tue, 18 Jun 2024 21:50:25 +0000
  • List-archive: https://lists.debian.org/msgid-search/ZnIBIZleaCkeelUR AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Tue, 18 Jun 2024 21:50:45 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <yZm6Rm1Wg4G.A.NfFF.0EgcmB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org


-------------------------------------------------------------------------
Debian Security Advisory DSA-5715-1                security AT debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 18, 2024                         https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : composer
CVE ID : CVE-2024-35241 CVE-2024-35242

Two vulnerabilities have been discovered in Composer, a dependency
manager for PHP, which could result in arbitrary command execution by
operating on malicious git/hg repositories.

For the oldstable distribution (bullseye), these problems have been fixed
in version 2.0.9-2+deb11u3.

For the stable distribution (bookworm), these problems have been fixed in
version 2.5.5-1+deb12u2.

We recommend that you upgrade your composer packages.

For the detailed security status of composer please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/composer

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org


