—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4378-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
January 30, 2019 https://www.debian.org/security/faq
– ————————————————————————-

Package : php-pear
CVE ID : CVE-2018-1000888
Debian Bug : 919147

Fariskhi Vidyan discovered that the PEAR Archive_Tar package for
handling tar files in PHP is prone to a PHP object injection
vulnerability, potentially allowing a remote attacker to execute
arbitrary code.

For the stable distribution (stretch), this problem has been fixed in
version 1:1.10.1+submodules+notgz-9+deb9u1.

We recommend that you upgrade your php-pear packages.

For the detailed security status of php-pear please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/php-pear

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlxRxlRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SLYQ//c4cCTBaPrJpEqyQxbR6F860XakSy4wIV+rcarH8e50wPTGfR9xU6x8jI
PxvjkEP+HsaHNhMHnfnK6Y48P1In5M9UaLMVLKAqmIZAYnBrlxmwgaA3oQMscSe2
R1hJzuZ6arnYJP6fSAu+fBs4zY6MmLsoStcKx4pTM+dYwcFSanzmQlN8EhPFE9fP
YtvzSaBeKEJU7JZ7psMSK3/Zxi7WNyAjhwJPh+y3C0JNY5hyCBtr9UhJjXt2utSu
txG0wfXyhdArwOcSRHGtyA0cKLZBYs/tp588tYQ1bhA9WZqrkON2MqrPlxYLOsRj
lu3DWW4AMijXfvjDd8VUd0mfwJrgsANf1WktTx3Iycmhad2TrwDfyab2zuutBL1b
U96qpklflYuXiGVHsZE9eH+HilkKPTnEseePKpxePM6XBMhQjCaAEjXZTwxEKfOU
aXMZq3woLVs4dIcu+IwIqHQDtyxIefkUVpsJ7VLc/KPO8V3PsnWQaX76raoQ/EpM
tdxCLoDyHkdIHznKdMSn2sGBDpD6KxNIXWf/K2GRr9V3wN76cqjcBa6zIxBte9k+
4MYaxfCq+u/BIecGSMPAVrHMVvsqO+b/f6Jrr8Dp4a8fr5uGAujDn9dPnXJ0aO1+
yKPr77CtBdpV8iMM7L4dr83E+Ci+KS+4gU9ctT8JpZo/u1qmqlk=
=sDXt
—–END PGP SIGNATURE—–