Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: php-nyholm-p...@packages.debian.org, t...@security.debian.org
Control: affects -1 + src:php-nyholm-psr7

Hi,

Please note that this request is very similar to #1034713 for php-guzzlehttp-psr7/1.7.0-1+deb11u2 (even the CVE ID is the same).

[ Reason ]
I’d like to fix an improper input validation [CVE-2023-29197] filed as #1034597. The security team reviewed this bug filed with a non-RC severity, so I assume they don’t expect to release a DSA for it (as for the other php-guzzlehttp-psr7 issue); anyway, the team is X-D-Cc.

[ Impact ]
It’s a security flaw.

[ Tests ]
The (extended for this fix) upstream testsuite is run at build time and debci.

[ Risks ]
The code change is fairly trivial, and was adapted from upstream (I used the exact same patch as the one targeted for Bookworm).

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
It’s just a stricter validation regex.

[ Other info ]
Thanks a lot for your work!

Cheers

taffit