Activity log for bug #1946886

Date Who What changed Old value New value Message
2021-10-13 04:05:46 Bryce Harrington bug added bug
2021-10-13 04:05:48 Bryce Harrington bug added subscriber Canonical Server Team
2021-10-13 04:15:24 Bryce Harrington php-pear (Ubuntu): assignee Bryce Harrington (bryce)
2021-10-19 03:30:32 Bryce Harrington description

Old value:

Scheduled-For: 22.11
Upstream: tbd
Debian: 1:1.10.12+submodules+notgz+20210212-1
Ubuntu: 1:1.10.12+submodules+notgz+20210212-1ubuntu1

### New Debian Changes ###

php-pear (1:1.10.12+submodules+notgz+20210212-1) unstable; urgency=medium

  [ Ondřej Surý ]
  * (CVE-2020-36193) Update Archive_Tar to 1.4.12 (Closes: #980428)
  * Remove .gitattributes from submodules as it breaks our build

  [ Mathieu Parent ]
  * Remove all *.tgz files, to ease copyright review

 -- Ondřej Surý <ondrej@debian.org> Fri, 12 Feb 2021 09:05:38 +0100

php-pear (1:1.10.12+submodules+notgz-1) unstable; urgency=medium

  * Update PEAR to 1.10.12
  * Update Archive_Tar to 1.4.7
  * Update Console_Getopt to 1.4.2
  * Update Structures_Graph to latest trunk
  * Update XML_Util to 1.4.3
  * Lower the dh_compat level to 10 to help with backports
  * Remove .gitattributes from submodules as it breaks our build
  * Use pristine-tar (first create and then use pristine-tar commit)

 -- Ondřej Surý <ondrej@debian.org> Sat, 10 Oct 2020 15:10:13 +0200

php-pear (1:1.10.9+submodules+notgz-1) unstable; urgency=low

  [ Ondřej Surý ]
  * Update PEAR to 1.10.8
  * Update Archive_Tar to 1.4.6
  * Update Console_Getopt to 1.4.2
  * Update maintainer address
  * Update gbp.conf for salsa and enable pristine-tar
  * Bump policy to recent version (no change)

  [ Mathieu Parent ]
  * Update PEAR to 1.10.9
    - Fixes count() on non Countable (Closes: #890433)
  * Update Archive_Tar to 1.4.7
  * Update Structures_Graph to v1.1.1 + 1 minor patch
  * Add debian/README.source
  * Fix package-uses-deprecated-source-override-location
  * Fix insecure-copyright-format-uri
  * Fix debian-watch-uses-insecure-uri
  * Bump debhelper compat to 12
  * Update debian/php-pear.substvars-static
  * Fix manpage-has-errors-from-man
  * Standards-Version: 4.4.0
  * Add debian/salsa-ci.yml
  * Implement the SOURCE_DATE_EPOCH specification (Closes: #750697)

 -- Mathieu Parent <sathieu@debian.org> Thu, 01 Aug 2019 23:15:22 +0200

php-pear (1:1.10.6+submodules+notgz-1) unstable; urgency=medium

  * Update PEAR to 1.10.6

 -- Ondřej Surý <ondrej@debian.org> Mon, 01 Oct 2018 12:15:44 +0000

php-pear (1:1.10.5+submodules+notgz-1) unstable; urgency=medium

  * Update PEAR to 1.10.5
  * Update Archive_Tar to 1.4.3
  * Update XML_Util to 1.4.3

 -- Ondřej Surý <ondrej@debian.org> Thu, 10 Aug 2017 23:19:49 +0200

php-pear (1:1.10.4+submodules+notgz-1) experimental; urgency=medium

  * Update PEAR to 1.10.4
  * Rebase patches on top of 1.10.4+submodules+notgz
  * Update submodules to latest PEAR packaged versions:
    bdd47347df76dbaa89227c5e1afd6f6809985b4c submodules/Archive_Tar (1.4.2)
    82f05cd1aa3edf34e19aa7c8ca312ce13a6a577f submodules/Console_Getopt (v1.4.1)
    608fdc835a62fb238e61bd1cf0aaf6c7a4420b5c submodules/Structures_Graph (v1.1.1)
    0ee5f1d88573a935daf68d795048165b3491b5ff submodules/XML_Util (v1.4.2)

 -- Ondřej Surý <ondrej@debian.org> Tue, 30 May 2017 16:18:19 +0200

php-pear (1:1.10.1+submodules+notgz-9) unstable; urgency=medium

  * Fix Vcs-* fields (was pointing to pkg-php-tools)
  * Standards-Version: 3.9.8, no change

 -- Mathieu Parent <sathieu@debian.org> Wed, 25 Jan 2017 07:48:36 +0100

php-pear (1:1.10.1+submodules+notgz-8) unstable; urgency=medium

  * Remove /usr/share/php/{.depdb,.filemap}
    - As they would be outdated.
    - This also fixes the last remaining FTBR

 -- Mathieu Parent <sathieu@debian.org> Sun, 24 Apr 2016 00:54:49 +0200

php-pear (1:1.10.1+submodules+notgz-7) unstable; urgency=medium

  * Makes the build reproducible by fixing _lastmodified to be an int

 -- Mathieu Parent <sathieu@debian.org> Wed, 20 Apr 2016 06:47:23 +0200

php-pear (1:1.10.1+submodules+notgz-6) unstable; urgency=medium

### Old Ubuntu Delta ###

php-pear (1:1.10.12+submodules+notgz+20210212-1ubuntu1) impish; urgency=medium

  * SECURITY REGRESSIONS:
    - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
      virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
    - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
      submodules/Archive_Tar/Archive/Tar.php.
  * SECURITY UPDATE: incorrect symlink extraction
    - debian/patches/CVE-2021-32610.patch: properly fix symbolic link path
      traversal in submodules/Archive_Tar/Archive/Tar.php.
    - CVE-2021-32610

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 28 Jul 2021 10:39:27 -0400

New value:

Upstream: 1.10.13
Debian: 1:1.10.12+submodules+notgz+20210212-1
Ubuntu: 1:1.10.12+submodules+notgz+20210212-1ubuntu1

Debian typically updates this package every 2 months, but has not done so since 21.04. Check back monthly.

There is a new upstream version, however, so it may be worth going ahead of Debian and/or updating it in Debian and syncing it.

### New Debian Changes ###

php-pear (1:1.10.12+submodules+notgz+20210212-1) unstable; urgency=medium

  [ Ondřej Surý ]
  * (CVE-2020-36193) Update Archive_Tar to 1.4.12 (Closes: #980428)
  * Remove .gitattributes from submodules as it breaks our build

  [ Mathieu Parent ]
  * Remove all *.tgz files, to ease copyright review

 -- Ondřej Surý <ondrej@debian.org> Fri, 12 Feb 2021 09:05:38 +0100

php-pear (1:1.10.12+submodules+notgz-1) unstable; urgency=medium

  * Update PEAR to 1.10.12
  * Update Archive_Tar to 1.4.7
  * Update Console_Getopt to 1.4.2
  * Update Structures_Graph to latest trunk
  * Update XML_Util to 1.4.3
  * Lower the dh_compat level to 10 to help with backports
  * Remove .gitattributes from submodules as it breaks our build
  * Use pristine-tar (first create and then use pristine-tar commit)

 -- Ondřej Surý <ondrej@debian.org> Sat, 10 Oct 2020 15:10:13 +0200

php-pear (1:1.10.9+submodules+notgz-1) unstable; urgency=low

  [ Ondřej Surý ]
  * Update PEAR to 1.10.8
  * Update Archive_Tar to 1.4.6
  * Update Console_Getopt to 1.4.2
  * Update maintainer address
  * Update gbp.conf for salsa and enable pristine-tar
  * Bump policy to recent version (no change)

  [ Mathieu Parent ]
  * Update PEAR to 1.10.9
    - Fixes count() on non Countable (Closes: #890433)
  * Update Archive_Tar to 1.4.7
  * Update Structures_Graph to v1.1.1 + 1 minor patch
  * Add debian/README.source
  * Fix package-uses-deprecated-source-override-location
  * Fix insecure-copyright-format-uri
  * Fix debian-watch-uses-insecure-uri
  * Bump debhelper compat to 12
  * Update debian/php-pear.substvars-static
  * Fix manpage-has-errors-from-man
  * Standards-Version: 4.4.0
  * Add debian/salsa-ci.yml
  * Implement the SOURCE_DATE_EPOCH specification (Closes: #750697)

 -- Mathieu Parent <sathieu@debian.org> Thu, 01 Aug 2019 23:15:22 +0200

php-pear (1:1.10.6+submodules+notgz-1) unstable; urgency=medium

  * Update PEAR to 1.10.6

 -- Ondřej Surý <ondrej@debian.org> Mon, 01 Oct 2018 12:15:44 +0000

php-pear (1:1.10.5+submodules+notgz-1) unstable; urgency=medium

  * Update PEAR to 1.10.5
  * Update Archive_Tar to 1.4.3
  * Update XML_Util to 1.4.3

 -- Ondřej Surý <ondrej@debian.org> Thu, 10 Aug 2017 23:19:49 +0200

php-pear (1:1.10.4+submodules+notgz-1) experimental; urgency=medium

  * Update PEAR to 1.10.4
  * Rebase patches on top of 1.10.4+submodules+notgz
  * Update submodules to latest PEAR packaged versions:
    bdd47347df76dbaa89227c5e1afd6f6809985b4c submodules/Archive_Tar (1.4.2)
    82f05cd1aa3edf34e19aa7c8ca312ce13a6a577f submodules/Console_Getopt (v1.4.1)
    608fdc835a62fb238e61bd1cf0aaf6c7a4420b5c submodules/Structures_Graph (v1.1.1)
    0ee5f1d88573a935daf68d795048165b3491b5ff submodules/XML_Util (v1.4.2)

 -- Ondřej Surý <ondrej@debian.org> Tue, 30 May 2017 16:18:19 +0200

php-pear (1:1.10.1+submodules+notgz-9) unstable; urgency=medium

  * Fix Vcs-* fields (was pointing to pkg-php-tools)
  * Standards-Version: 3.9.8, no change

 -- Mathieu Parent <sathieu@debian.org> Wed, 25 Jan 2017 07:48:36 +0100

php-pear (1:1.10.1+submodules+notgz-8) unstable; urgency=medium

  * Remove /usr/share/php/{.depdb,.filemap}
    - As they would be outdated.
    - This also fixes the last remaining FTBR

 -- Mathieu Parent <sathieu@debian.org> Sun, 24 Apr 2016 00:54:49 +0200

php-pear (1:1.10.1+submodules+notgz-7) unstable; urgency=medium

  * Makes the build reproducible by fixing _lastmodified to be an int

 -- Mathieu Parent <sathieu@debian.org> Wed, 20 Apr 2016 06:47:23 +0200

php-pear (1:1.10.1+submodules+notgz-6) unstable; urgency=medium

### Old Ubuntu Delta ###

php-pear (1:1.10.12+submodules+notgz+20210212-1ubuntu1) impish; urgency=medium

  * SECURITY REGRESSIONS:
    - debian/patches/CVE-2020-36193-2.patch: fix out-of-path check for
      virtual relative symlink in submodules/Archive_Tar/Archive/Tar.php.
    - debian/patches/CVE-2020-36193-3.patch: PHP compat fix in
      submodules/Archive_Tar/Archive/Tar.php.
  * SECURITY UPDATE: incorrect symlink extraction
    - debian/patches/CVE-2021-32610.patch: properly fix symbolic link path
      traversal in submodules/Archive_Tar/Archive/Tar.php.
    - CVE-2021-32610

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 28 Jul 2021 10:39:27 -0400

2021-10-19 03:30:35 Bryce Harrington php-pear (Ubuntu): milestone ubuntu-22.01
2021-11-16 21:24:30 Bryce Harrington php-pear (Ubuntu): status New Incomplete
2022-01-11 03:25:36 Bryce Harrington php-pear (Ubuntu): milestone ubuntu-22.01 ubuntu-22.02
2022-03-07 22:39:47 Bryce Harrington php-pear (Ubuntu): status Incomplete Fix Committed
2022-03-08 15:57:21 Bryce Harrington php-pear (Ubuntu): status Fix Committed Incomplete
2022-05-05 23:06:05 Bryce Harrington marked as duplicate 1971311