php-pear (1:1.10.5+submodules+notgz-1ubuntu1.18.04.4) bionic-security; urgency=medium * SECURITY UPDATE: incorrect symlink extraction - debian/patches/CVE-2021-32610.patch: properly fix symbolic link path traversal in submodules/Archive_Tar/Archive/Tar.php. - CVE-2021-32610 -- Marc Deslauriers Wed, 28 Jul 2021 10:48:51 -0400 php-pear (1:1.10.5+submodules+notgz-1ubuntu1.18.04.3) bionic-security; urgency=medium * SECURITY UPDATE: directory traversal attack in Archive_Tar - debian/patches/CVE-2020-36193-1.patch: disallow symlinks to out-of-path filenames in submodules/Archive_Tar/Archive/Tar.php. - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php. - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in submodules/Archive_Tar/Archive/Tar.php.. - CVE-2020-36193 -- Marc Deslauriers Thu, 04 Feb 2021 10:38:05 -0500 php-pear (1:1.10.5+submodules+notgz-1ubuntu1.18.04.2) bionic-security; urgency=medium * SECURITY UPDATE: unserialization attack in Archive_Tar - debian/patches/CVE-2020-2894x.patch: catch additional malicious or crafted filenames in submodules/Archive_Tar/Archive/Tar.php. - CVE-2020-28948 - CVE-2020-28949 -- Marc Deslauriers Mon, 30 Nov 2020 10:02:42 -0500 php-pear (1:1.10.5+submodules+notgz-1ubuntu1.18.04.1) bionic-security; urgency=medium * SECURITY UPDATE: unserialization vulnerability in Archive_Tar - debian/patches/CVE-2018-1000888.patch: don't allow filenames to start with phar:// in submodules/Archive_Tar/Archive/Tar.php. - CVE-2018-1000888 -- Marc Deslauriers Fri, 11 Jan 2019 13:23:21 -0500 php-pear (1:1.10.5+submodules+notgz-1ubuntu1) bionic; urgency=medium * debian/patches/php72_count_of_notcountable.patch: PHP7.2 warns when count() is called on non-Countable. -- Nishanth Aravamudan Wed, 14 Feb 2018 10:22:41 -0800 php-pear (1:1.10.5+submodules+notgz-1) unstable; urgency=medium * Update PEAR to 1.10.5 * Update Archive_Tar to 1.4.3 * Update XML_Util to 1.4.3 -- Ondřej Surý Thu, 10 Aug 2017 23:19:49 +0200 php-pear (1:1.10.4+submodules+notgz-1) experimental; urgency=medium * Update PEAR to 1.10.4 * Rebase patches on top of 1.10.4+submodules+notgz * Update submodules to latest PEAR packaged versions: bdd47347df76dbaa89227c5e1afd6f6809985b4c submodules/Archive_Tar (1.4.2) 82f05cd1aa3edf34e19aa7c8ca312ce13a6a577f submodules/Console_Getopt (v1.4.1) 608fdc835a62fb238e61bd1cf0aaf6c7a4420b5c submodules/Structures_Graph (v1.1.1) 0ee5f1d88573a935daf68d795048165b3491b5ff submodules/XML_Util (v1.4.2) -- Ondřej Surý Tue, 30 May 2017 16:18:19 +0200 php-pear (1:1.10.1+submodules+notgz-9) unstable; urgency=medium * Fix Vcs-* fields (was pointing to pkg-php-tools) * Standards-Version: 3.9.8, no change -- Mathieu Parent Wed, 25 Jan 2017 07:48:36 +0100 php-pear (1:1.10.1+submodules+notgz-8) unstable; urgency=medium * Remove /usr/share/php/{.depdb,.filemap} - As they would be outdated. - This also fixes the last remaining FTBR -- Mathieu Parent Sun, 24 Apr 2016 00:54:49 +0200 php-pear (1:1.10.1+submodules+notgz-7) unstable; urgency=medium * Makes the build reproducible by fixing _lastmodified to be an int -- Mathieu Parent Wed, 20 Apr 2016 06:47:23 +0200 php-pear (1:1.10.1+submodules+notgz-6) unstable; urgency=medium * Add mv_conffile to move existing /etc/pear.conf to /etc/pear/pear.conf -- Ondřej Surý Tue, 22 Mar 2016 09:48:02 +0100 php-pear (1:1.10.1+submodules+notgz-5) unstable; urgency=medium * Replace /usr/share/doc/php-pear symlink by a dir (Closes: #817814) * Set PHP_PEAR_SYSCONF_DIR to /etc/pear (Closes: #818271) * Fix "PECL extensions FTBFS with PHP Fatal error: Call to a member function getFilelist() on null" (Closes: #805222) * Standards-Version: 3.9.7 * Updated Vcs-* fields to use https * Add lintian override for pear-package-without-pkg-php-tools-builddep -- Mathieu Parent Sat, 19 Mar 2016 22:43:58 +0100 php-pear (1:1.10.1+submodules+notgz-4) unstable; urgency=medium * pecl command needs to run without -n to pickup default PHP cli configuration, so XML module gets loaded * php-pear needs to pull XML extension as packaged in php-xml both into Depends and Build-Depends -- Ondřej Surý Thu, 03 Mar 2016 11:17:21 +0100 php-pear (1:1.10.1+submodules+notgz-3) unstable; urgency=medium * Depend on generic php-cli instead of php5-cli * Fix debian/php-pear.substvars-static to not depend on php5-* * Move included modules from Depends to Provides -- Ondřej Surý Mon, 07 Dec 2015 16:00:56 +0100 php-pear (1:1.10.1+submodules+notgz-2) experimental; urgency=medium * Don't depend on included libs: Structures_Graph, Console_Getopt, XML_Util -- Mathieu Parent Tue, 08 Dec 2015 23:17:52 +0100 php-pear (1:1.10.1+submodules+notgz-1) experimental; urgency=low * Initial release. (Closes: #801919) * Using epoch, as package was previously in src:php5 (Closes: #714848) * Install manpages (Closes: #414878) -- Mathieu Parent Fri, 27 Nov 2015 23:30:21 +0100