Discussion:
Bug#1098872: bookworm-pu: package php-nesbot-carbon/2.65.0-1+deb12u1
Adrian Bunk
2025-02-25 11:40:01 UTC
Package: release.debian.org
Severity: normal
Tags: bookworm moreinfo
User: ***@packages.debian.org
Usertags: pu
X-Debbugs-Cc: ***@debian.org, Debian PHP PEAR Maintainers <pkg-php-***@lists.alioth.debian.org>

* CVE-2025-22145: Arbitrary file include in Carbon::setLocale

Tagged moreinfo, as question to the security team whether they want
this in -pu or as DSA.
Adrian Bunk
2025-02-25 11:50:02 UTC
Post by Adrian Bunk
> ...
> * CVE-2025-22145: Arbitrary file include in Carbon::setLocale
> Tagged moreinfo, as question to the security team whether they want
> this in -pu or as DSA.

Updated debdiff that also Closes: #1092680 in the changelog is attached.

cu
Adrian
Debian Bug Tracking System
2025-02-25 20:00:01 UTC
tags -1 - moreinfo
Bug #1098872 [release.debian.org] bookworm-pu: package php-nesbot-carbon/2.65.0-1+deb12u1
Removed tag(s) moreinfo.
--
1098872: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098872
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Salvatore Bonaccorso
2025-02-25 20:00:01 UTC
Control: tags -1 - moreinfo

Hi,
Post by Adrian Bunk
> Package: release.debian.org
> Severity: normal
> Tags: bookworm moreinfo
> Usertags: pu
> * CVE-2025-22145: Arbitrary file include in Carbon::setLocale
> Tagged moreinfo, as question to the security team whether they want
> this in -pu or as DSA.

This IMHO does not really warrant a DSA. I have marked it accordingly
in the security-tracker for bookworm.

Regards,
Salvatore
Adam D Barratt
2025-03-01 11:20:01 UTC
package release.debian.org
tags 1098872 = bookworm pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm.

Thanks for your contribution!

Upload details
==============

Package: php-nesbot-carbon
Version: 2.65.0-1+deb12u1

Explanation: fix arbitrary file include issue [CVE-2025-22145]
Debian Bug Tracking System
2025-03-01 11:20:01 UTC
Post by Adam D Barratt
> package release.debian.org
Limiting to bugs with field 'package' containing at least one of 'release.debian.org'
Limit currently set to 'package':'release.debian.org'

Post by Adam D Barratt
> tags 1098872 = bookworm pending
Bug #1098872 [release.debian.org] bookworm-pu: package php-nesbot-carbon/2.65.0-1+deb12u1
Added tag(s) pending.

Post by Adam D Barratt
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
1098872: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098872
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems