-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4817-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso December 19, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php-pear CVE ID : CVE-2020-28948 CVE-2020-28949 Debian Bug : 976108 Two vulnerabilities were discovered in the PEAR Archive_Tar package for handling tar files in PHP, potentially allowing a remote attacker to execute arbitrary code or overwrite files. For the stable distribution (buster), these problems have been fixed in version 1:1.10.6+submodules+notgz-1.1+deb10u1. We recommend that you upgrade your php-pear packages. For the detailed security status of php-pear please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php-pear Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl/dzudfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TWeg/+KqzmeZZqlpzXqTgBCuHXAqass34G7oCV8SNKmKD+NVawTblm46rgxlLp tlKNSVQjNC7J5KInsCIGlHwuhxQPaPh/e5S5wiUvaaSHJeUtt3+AklotHsgd8mKa /Z38FLaia+7FQcpYlHNgIXYEjXufhH4wmIdAiuUM35BQTGJwAfCjnCgUbOHb7xUA O/Fjx4yWapX4vJWXjZ/IbBLF0omRf5Py9ogcVoQEjIkGyK3Nd5x/jR9Kstkn5O8U aQbd+dnvDk452DnhJtbRey58ewfyk2Hr4zA+Ew0jw1MoYUUmZhbqzcEU/Q2Y0bvA /vEsz7VZidO+YM32K94brHPnwCN3gZ7kT2bNAyK08VExruve8ii6NH5USm5jkqWY u9UOzyMxZ+crsFz2Zf6wGqZU58Muw54Nl/TJuKl2YlUUJkcXPTDiDWoBknzW7hXN zPrpdeZ3RSPiFLPwqmLBNfrO7ay9IZI+sGR8IlT3CJmVp7v724hzkuQbIRqwDTDG mkbb5JGaPFunjv2AvAdfLWjSTT89Ik8V2guxiAvk675dihzjm45RFKnDYblnoeKp zcxwFZ9Yn5Eq5RiKwHqfaOGrrrqcxYTJ5VpWDgCXZ3kmmSrzsH+Jo5MFei3mi/9T 4mfEOsnvLTDe9urMbdM3WljjMlbrqtZbzFi6xh/uq5t+cyFfbOM= =HoVx -----END PGP SIGNATURE-----