Arbitrary command execution in composer
ID: | FEDORA-2021-ab7d0d3486 |
Distribution: | Fedora |
Platforms: | Fedora 34 |
Date: | Wed, 26 May 2021, 07:14 |
References: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29472 |
Applications: | composer |
Original message |

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-ab7d0d3486
2021-05-26 00:57:51.583442
--------------------------------------------------------------------------------

Name        : composer
Product     : Fedora 34
Version     : 2.0.13
Release     : 1.fc34
URL         : https://getcomposer.org/
Summary     : Dependency Manager for PHP
Description :
Composer helps you declare, manage and install dependencies of PHP projects,
ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/

--------------------------------------------------------------------------------
Update Information:

**Version 2.0.13** 2021-04-27

* Security: Fixed command injection vulnerability in HgDriver/HgDownloader and
  hardened other VCS drivers and downloaders (GHSA-h5h8-pc6h-jvvx /
  CVE-2021-29472)
* Fixed install step at the end of the init command to take new dependencies
  into account correctly
* Fixed `update --lock` listing updates which were not really happening (#9812)
* Fixed support for --no-dev combined with --locked in outdated and show
  commands (#9788)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 27 2021 Remi Collet