Debian Security Advisory 5632-1

-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5632-1                   [email protected]://www.debian.org/security/                       Sebastien DelafondFebruary 26, 2024                     https://www.debian.org/security/faq- -------------------------------------------------------------------------Package        : composerCVE ID         : CVE-2024-24821Debian Bug     : 1063603It was discovered that composer, a dependency manager for the PHPlanguage, processed files in the local working directory. This couldlead to local privilege escalation or malicious code execution. Due toa technical issue this email was not sent on 2024-02-26 like it shouldhave.For the oldstable distribution (bullseye), this problem has been fixedin version 2.0.9-2+deb11u2.For the stable distribution (bookworm), this problem has been fixed inversion 2.5.5-1+deb12u1.We recommend that you upgrade your composer packages.For the detailed security status of composer please refer toits security tracker page at:https://security-tracker.debian.org/tracker/composerFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmX0DyUACgkQEL6Jg/PVnWSBoggAmRdaBN8p7agJH0S2fvEJWuF+gFAAY4112EeOzbHwk/Bm6EuTY9VcGTtjHlW8X3t/H1+NW5xejcm1gEaXIE2HHIc1KTaG3ui/kKC2T3ybx0cmnqYWu/TJWmw+nbaneBK74PkXukzFvjuYaOy7a6EgnpNcMhc0b2tc/IqIUOYiePKbg4lio8u6q5rP5uFIJydeqI0IXja6H4N0ub/zOAn6I6C3ToKMa0WnfllmrMaj/JnBbgam3VrT06n63NoW6xZepdMDP3QofOVWWP5HshF/0CH1BGEcKS6AtAaIgARalFMgbP6SU8NDsgNFQ3UCiuR+sTjZc2YA0muIpmBGSPVyAw===y4my-----END PGP SIGNATURE-----