Package: release.debian.org Severity: normal Tags: bullseye X-Debbugs-Cc: php-doctrine-annotati...@packages.debian.org, t...@security.debian.org Control: affects -1 + src:php-doctrine-annotations User: release.debian....@packages.debian.org Usertags: pu
[6/6 for bullseye] This is a follow up from composer/DSA-5632-1, similar to #1065065 in bookworm. In order to fix a Debian-specific issue related to CVE-2024-24821, we agreed with the security team to push related dependencies via the next point release. The only change (besides changelog entry) in the binary package is the following (thanks to diffoscope). │ │ ├── ./usr/share/php/Doctrine/Common/Annotations/autoload.php │ │ │ @@ -1,10 +1,10 @@ │ │ │ <?php │ │ │ │ │ │ -require_once 'Doctrine/Common/Lexer/autoload.php'; │ │ │ +require_once __DIR__ . '/../Lexer/autoload.php'; │ │ │ │ │ │ // @codingStandardsIgnoreFile │ │ │ // @codeCoverageIgnoreStart The goal is to ensure related dependencies are loaded from the system path. The attached debdiff is a bit bigger, since it aims at keeping the testsuite at buildtime effective. [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable TIA for considering. Cheers, taffit
signature.asc
Description: PGP signature
