David Prévot
2024-02-29 14:00:01 UTC
Reply
PermalinkSeverity: normal
Tags: bullseye
X-Debbugs-Cc: php-proxy-***@packages.debian.org, ***@security.debian.org
Control: affects -1 + src:php-proxy-manager
User: ***@packages.debian.org
Usertags: pu
[4/6 for bullseye]
This is a follow up from composer/DSA-5632-1, similar to #1065061 in
bookworm.
In order to fix a Debian-specific issue related to CVE-2024-24821, we
agreed with the security team to push related dependencies via the next
point release.
The only change (besides changelog entry) in the binary package is the
following (thanks to diffoscope).
â â âââ ./usr/share/php/ProxyManager/autoload.php
â â â @@ -1,10 +1,10 @@
â â â <?php
â â â
â â â -require_once 'Laminas/Code/autoload.php';
â â â +require_once __DIR__ . '/../Laminas/Code/autoload.php';
â â â
â â â // @codingStandardsIgnoreFile
The goal is to ensure related dependencies are loaded from the system
path.
The attached debdiff is a bit bigger, since it aims at keeping the
testsuite at buildtime effective.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
TIA for considering.
Cheers,
taffit