UbuntuUpdates.org

Package "php-pear"

Name: php-pear

Description:

PEAR Base System

Latest version: 1:1.10.9+submodules+notgz-1ubuntu0.20.10.1
Release: groovy (20.10)
Level: updates
Repository: main
Homepage: https://pear.php.net/package/PEAR

Links


Download "php-pear"


Other versions of "php-pear" in Groovy

Repository Area Version
base main 1:1.10.9+submodules+notgz-1
security main 1:1.10.9+submodules+notgz-1ubuntu0.20.10.1

Changelog

Version: 1:1.10.9+submodules+notgz-1ubuntu0.20.10.1 2020-12-01 15:07:22 UTC

  php-pear (1:1.10.9+submodules+notgz-1ubuntu0.20.10.1) groovy-security; urgency=medium

  * SECURITY UPDATE: unserialization attack in Archive_Tar
    - debian/patches/CVE-2020-2894x.patch: catch additional malicious or
      crafted filenames in submodules/Archive_Tar/Archive/Tar.php.
    - CVE-2020-28948
    - CVE-2020-28949

 -- Marc Deslauriers <email address hidden> Mon, 30 Nov 2020 09:55:16 -0500

CVE-2020-2894 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.4
CVE-2020-28948 Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.
CVE-2020-28949 Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to o



About   -   Send Feedback to @ubuntu_updates