Your message dated Fri, 30 Apr 2021 18:48:45 +0000
with message-id <[email protected]>
and subject line Bug#987831: fixed in php-laravel-framework 6.20.14+dfsg-2
has caused the Debian Bug report #987831,
regarding php-illuminate-database: Security issue: SQL injection with Microsoft
SQL Server
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
987831: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987831
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: php-illuminate-database
Version: 6.20.14+dfsg-1
Severity: important
Tags: security
Upstream has published a security advisory [1,2] regarding an SQL
injection vulnerability when used with Microsoft SQL Server.
The vulnerability was fixed upstream in version 6.20.26 and 8.40.0.
[1] https://blog.laravel.com/security-sql-injection-in-sql-server-limit-offset
[2] https://github.com/laravel/framework/security/advisories/GHSA-4mg9-vhxq-vm7j
--- End Message ---
--- Begin Message ---
Source: php-laravel-framework
Source-Version: 6.20.14+dfsg-2
Done: Robin Gustafsson <[email protected]>
We believe that the bug you reported is fixed in the latest version of
php-laravel-framework, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Robin Gustafsson <[email protected]> (supplier of updated php-laravel-framework
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 30 Apr 2021 18:23:38 +0200
Source: php-laravel-framework
Architecture: source
Version: 6.20.14+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <[email protected]>
Changed-By: Robin Gustafsson <[email protected]>
Closes: 987831
Changes:
php-laravel-framework (6.20.14+dfsg-2) unstable; urgency=medium
.
* Fix security issue: SQL injection with Microsoft SQL Server
(Closes: #987831)
Checksums-Sha1:
7452b2c1134e038377295cb4bee90a3e648b91cb 3860
php-laravel-framework_6.20.14+dfsg-2.dsc
e5656847dbdbbdaed434a21270c00a672de6f30c 7948
php-laravel-framework_6.20.14+dfsg-2.debian.tar.xz
ca094c835cd31c0de7a18d1506388a4d502398ea 15220
php-laravel-framework_6.20.14+dfsg-2_amd64.buildinfo
Checksums-Sha256:
d2c269f9c3b56f120656c14a59bb4698532346ac9adb49e56d032aadaf4a7fd2 3860
php-laravel-framework_6.20.14+dfsg-2.dsc
a2813891f333d6ec04fa371ac4d24f8cf46513f2bae8efb26e02b93cdffe2e5c 7948
php-laravel-framework_6.20.14+dfsg-2.debian.tar.xz
d0d3510941aef3742fcfe292d9958be7ac903c4c3da0b1ab0c6ac34019c89e14 15220
php-laravel-framework_6.20.14+dfsg-2_amd64.buildinfo
Files:
0050f64f5cbf050294bf8adfcbf458c3 3860 php optional
php-laravel-framework_6.20.14+dfsg-2.dsc
1b11b1d09b59b6f2c0105d6647b39e73 7948 php optional
php-laravel-framework_6.20.14+dfsg-2.debian.tar.xz
e54435b370cb4a88783f8b288fef39c7 15220 php optional
php-laravel-framework_6.20.14+dfsg-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmCMUB0ACgkQBYwc+UT2
vTwyIAgAk9WiZwXpcE16BapXO3sd9/fXZHm2Bsm83aeIXKIATRLyLihFcelxRJZK
jtyFv3ooKb7t9tPerlipyOej8XmZNwp5DARAkbWvaJfAbC1PzgyNEjYcK1ZFbGld
V/bw+ypIHhZ/OMl69Rvv4EIVydsvlu9qCxAjQmHYFGhGdNbVq7yVmRP47uPCYHiK
z7/TMQK5ZsWz9KoRwRycvcRz281jIyNm4gRjP92LZE/eZEXvcm0HabRL80AQmHYB
EtlSexTgGkQ+oafRuGEMUrKa2AdJ9QPdBL9JY9E4KiEPPmL050/yFf6IEwIQsUc2
jD/E6hHAEywpk6ThJKtgvPJVRhPSUg==
=J4Lv
-----END PGP SIGNATURE-----
--- End Message ---
