-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4378-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso January 30, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php-pear CVE ID : CVE-2018-1000888 Debian Bug : 919147 Fariskhi Vidyan discovered that the PEAR Archive_Tar package for handling tar files in PHP is prone to a PHP object injection vulnerability, potentially allowing a remote attacker to execute arbitrary code. For the stable distribution (stretch), this problem has been fixed in version 1:1.10.1+submodules+notgz-9+deb9u1. We recommend that you upgrade your php-pear packages. For the detailed security status of php-pear please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php-pear Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlxRxlRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0SLYQ//c4cCTBaPrJpEqyQxbR6F860XakSy4wIV+rcarH8e50wPTGfR9xU6x8jI PxvjkEP+HsaHNhMHnfnK6Y48P1In5M9UaLMVLKAqmIZAYnBrlxmwgaA3oQMscSe2 R1hJzuZ6arnYJP6fSAu+fBs4zY6MmLsoStcKx4pTM+dYwcFSanzmQlN8EhPFE9fP YtvzSaBeKEJU7JZ7psMSK3/Zxi7WNyAjhwJPh+y3C0JNY5hyCBtr9UhJjXt2utSu txG0wfXyhdArwOcSRHGtyA0cKLZBYs/tp588tYQ1bhA9WZqrkON2MqrPlxYLOsRj lu3DWW4AMijXfvjDd8VUd0mfwJrgsANf1WktTx3Iycmhad2TrwDfyab2zuutBL1b U96qpklflYuXiGVHsZE9eH+HilkKPTnEseePKpxePM6XBMhQjCaAEjXZTwxEKfOU aXMZq3woLVs4dIcu+IwIqHQDtyxIefkUVpsJ7VLc/KPO8V3PsnWQaX76raoQ/EpM tdxCLoDyHkdIHznKdMSn2sGBDpD6KxNIXWf/K2GRr9V3wN76cqjcBa6zIxBte9k+ 4MYaxfCq+u/BIecGSMPAVrHMVvsqO+b/f6Jrr8Dp4a8fr5uGAujDn9dPnXJ0aO1+ yKPr77CtBdpV8iMM7L4dr83E+Ci+KS+4gU9ctT8JpZo/u1qmqlk= =sDXt -----END PGP SIGNATURE-----