—–BEGIN PGP SIGNED MESSAGE—–
\nHash: SHA512<\/p>\n
– ————————————————————————-
\nDebian Security Advisory DSA-5632-1 security@debian.org
\nhttps:\/\/www.debian.org\/security\/ Sebastien Delafond
\nFebruary 26, 2024 https:\/\/www.debian.org\/security\/faq
\n– ————————————————————————-<\/p>\n
Package : composer
\nCVE ID : CVE-2024-24821
\nDebian Bug : 1063603<\/p>\n
It was discovered that composer, a dependency manager for the PHP
\nlanguage, processed files in the local working directory. This could
\nlead to local privilege escalation or malicious code execution. Due to
\na technical issue this email was not sent on 2024-02-26 like it should
\nhave.<\/p>\n
For the oldstable distribution (bullseye), this problem has been fixed
\nin version 2.0.9-2+deb11u2.<\/p>\n
For the stable distribution (bookworm), this problem has been fixed in
\nversion 2.5.5-1+deb12u1.<\/p>\n
We recommend that you upgrade your composer packages.<\/p>\n
For the detailed security status of composer please refer to
\nits security tracker page at:
\nhttps:\/\/security-tracker.debian.org\/tracker\/composer<\/p>\n
Further information about Debian Security Advisories, how to apply
\nthese updates to your system and frequently asked questions can be
\nfound at: https:\/\/www.debian.org\/security\/<\/p>\n
Mailing list: debian-security-announce@lists.debian.org
\n—–BEGIN PGP SIGNATURE—–<\/p>\n
iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg\/PVnWQFAmX0DyUACgkQEL6Jg\/PV
\nnWSBoggAmRdaBN8p7agJH0S2fvEJWuF+gFAAY4112EeOzbHwk\/Bm6EuTY9VcGTtj
\nHlW8X3t\/H1+NW5xejcm1gEaXIE2HHIc1KTaG3ui\/kKC2T3ybx0cmnqYWu\/TJWmw+
\nnbaneBK74PkXukzFvjuYaOy7a6EgnpNcMhc0b2tc\/IqIUOYiePKbg4lio8u6q5rP
\n5uFIJydeqI0IXja6H4N0ub\/zOAn6I6C3ToKMa0WnfllmrMaj\/JnBbgam3VrT06n6
\n3NoW6xZepdMDP3QofOVWWP5HshF\/0CH1BGEcKS6AtAaIgARalFMgbP6SU8NDsgNF
\nQ3UCiuR+sTjZc2YA0muIpmBGSPVyAw==
\n=y4my
\n—–END PGP SIGNATURE—–<\/p>\n","protected":false},"excerpt":{"rendered":"
—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA512 – ————————————————————————- Debian Security Advisory DSA-5632-1 security@debian.org https:\/\/www.debian.org\/security\/ Sebastien Delafond February 26, 2024 https:\/\/www.debian.org\/security\/faq – ————————————————————————- Package : composer CVE ID : CVE-2024-24821 Debian Bug : 1063603 It was discovered that composer, a dependency manager for the PHP language, processed files in the local working directory. This could lead …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-55430","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/55430","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=55430"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/55430\/revisions"}],"predecessor-version":[{"id":55468,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/55430\/revisions\/55468"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=55430"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=55430"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=55430"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}