All patches in our current delta are related to fixes for the Archive_Tar submodule.
All these fixes have been applied in Archive_Tar 1.4.14, which is the version being shipped in the current Debian unstable package. The patches are: debian/patches/CVE-2020-36193-2.patch @ Ubuntu delta: Available in Tar_Archive since 1.4.13. https://github.com/pear/Archive_Tar/commit/b6da5c32254162fa0752616479fb3d3c5297c1cf debian/patches/CVE-2020-36193-3.patch @ Ubuntu delta: Available in Tar_Archive since 1.4.13. https://github.com/pear/Archive_Tar/commit/7d8782d95f74b5889bfaaad43e74086f1918ec2b debian/patches/CVE-2021-32610.patch @ Ubuntu delta: Available in Tar_Archive since 1.4.14. https://github.com/pear/Archive_Tar/commit/b5832439b1f37331fb4f87e67fe4f61ca26bf7d4 Therefore, this should be a sync instead of a merge. ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-36193 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-32610 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1971311 Title: Merge php-pear from Debian unstable for kinetic To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php-pear/+bug/1971311/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
