Control: reassign -1 src:php-illuminate-database I filled the bug against the binary package, that has been superseded by src:php-laravel-framework and thus missed the expected audience, sorry about that.
Le Tue, Feb 02, 2021 at 11:20:06AM -0400, David Prévot a écrit : > Le 23/01/2021 à 18:49, David Prévot a écrit : > > Package: php-illuminate-database > > Version: 5.7.27-1 > […] > > A quick look at the php-illuminate-database code, as shipped in stable, > > makes me think that it is probably vulnerable to CVE-2021-21263 as fixed > > in 6.20.11 > > Also, since the CVE-2021-21263 fix was incomplete, upstream released another > security update as 6.20.14. > > https://github.com/laravel/framework/security/advisories/GHSA-x7p5-p2c9-phvg > > Regards > > David
signature.asc
Description: PGP signature