-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 14 Jun 2024 13:46:22 +0200
Source: composer
Binary: composer
Architecture: all
Version: 2.0.9-2+deb11u3
Distribution: bullseye-security
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: David Prévot <taffit@debian.org>
Description:
 composer   - dependency manager for PHP
Closes: 1073125 1073126
Changes:
 composer (2.0.9-2+deb11u3) bullseye-security; urgency=medium
 .
   * Include security fixes from 2.7.7
     - Multiple command injections via malicious git/hg branch names
       (GHSA-v9qv-c7wm-wgmf) [CVE-2024-35242] (Closes: #1073126)
     - Command injection via malicious git branch name
       (GHSA-47f6-5gq3-vx9c) [CVE-2024-35241] (Closes: #1073125)
Checksums-Sha1:
 f26fc365c40aeb114021e936c1a59a3db20b917d 9929 composer_2.0.9-2+deb11u3_all-buildd.buildinfo
 f025f5e0609c403eb26785b7da50546ecb9e283e 411932 composer_2.0.9-2+deb11u3_all.deb
Checksums-Sha256:
 db1975d15e92dd9a9fdc92a1eda23c056bc5abf090139b8ceee4cc092cf83368 9929 composer_2.0.9-2+deb11u3_all-buildd.buildinfo
 eef66379220843e8510a70ebcd46b2bb2e2065e123aa7182de734b21a65b1acb 411932 composer_2.0.9-2+deb11u3_all.deb
Files:
 d4d0dd7abf2d07e4f62745100c47eee7 9929 php optional composer_2.0.9-2+deb11u3_all-buildd.buildinfo
 d1f640cfdc8302e36b1e9ccb7f2bf2ab 411932 php optional composer_2.0.9-2+deb11u3_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEQsM0t1ygJv2xcx3e4cagXJhOTXsFAmZwJVgACgkQ4cagXJhO
TXuaXA/+IDbj9+wsUWXxDJn3T2Dx85dFOHXlNRYodxK1zK+446yQmrbfv5wfnhB/
IJzuWcke2MlP4WReeRncbn+EC+Y/eaCDVFZNvQ5pdjlYqkGwWhcPY+WnO3jV2DAN
7n0vT2tUI9WO/7CBSYrdSkdFZ3Tw7EWPQ2XIer+xsDYxIyN2taATZkYeX5bByihB
zMyXqxldw/++qtiT+L9gwQ7zswvyrbf44xeLhvyfOZOGmm7PJl9lJbcOpOovDLuz
sk7EE5nH4Guh6rAtLS8qz4E7eAYk8/X+A7+j+GeNpyVBSsaTjTiDQsoSMoF2M7rn
cujLPkVdKRlRQ6JMQVs7JvDuSch+tcM3/GP6DmawOLTcaKOwB868BqbhJb1ntMMs
3bq7opoEiLozBnalc7wqWfBxpWogRKjmd/vm/ZN/iXIsffCPxChvTSN7vTY1b/PB
i6vcZwnUoCtU6MgPykNROfupBDe4+AxLuimI+C/iyNFt1FStDQj0koJ1HTpJXl5X
8T1ZO8fm9J3QQYXuyAe3JbUE2CKjkwvw3JLvh1ZMAKo75iuV2Umi2A8wjb9vaYwy
gw7bDAP3hFxSZJAKI/Zq+U+3sZQwNa0ln5Qb3qWgfXfuZ+ySQzisgbqDq3m6P4Qq
4NunXByHnweOt1gZEtLKWL0iozbn6z02QXaDUcqrtjGBswC6YVc=
=QnMK
-----END PGP SIGNATURE-----