What Are You Looking For?

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-f3dedfef46
2023-10-15 01:42:32.629286
--------------------------------------------------------------------------------

Name        : composer
Product     : Fedora 38
Version     : 2.6.5
Release     : 1.fc38
URL         : https://getcomposer.org/
Summary     : Dependency Manager for PHP
Description :
Composer helps you declare, manage and install dependencies of PHP projects,
ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/

--------------------------------------------------------------------------------
Update Information:

**Version 2.6.5** -  2023-10-06    * Fixed error when vendor dir contains broken
symlinks (#11670)   * Fixed composer.lock missing from Composer's zip archives
(#11674)   * Fixed AutoloadGenerator::dump() non-BC signature change in 2.6.4
(cb363b0e8)    ----  **Version 2.6.4** -  2023-09-29    * Security: Fixed
possible remote code execution vulnerability if composer.phar is publicly
accessible, executable as PHP, and register_argc_argv is enabled in php.ini
(GHSA-jm6m-4632-36hf / **CVE-2023-43655**)   * Fixed json output of abandoned
packages in audit command (#11647)   * Performance improvement in pool
optimization step (#11638)   * Performance improvement in `show -a
` (#11659)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct  6 2023 Remi Collet  - 2.6.5-1
- update to 2.6.5
* Fri Sep 29 2023 Remi Collet  - 2.6.4-1
- update to 2.6.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2241496 - CVE-2023-43655 composer: Remote Code Execution via web-accessible composer.phar
        https://bugzilla.redhat.com/show_bug.cgi?id=2241496
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-f3dedfef46' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 38: composer 2023-f3dedfef46

October 15, 2023
**Version 2.6.5** - 2023-10-06 * Fixed error when vendor dir contains broken symlinks (#11670) * Fixed composer.lock missing from Composer's zip archives (#11674) * Fixed Autolo...

Summary

Composer helps you declare, manage and install dependencies of PHP projects,

ensuring you have the right stack everywhere.

Documentation: https://getcomposer.org/doc/

Update Information:

**Version 2.6.5** - 2023-10-06 * Fixed error when vendor dir contains broken symlinks (#11670) * Fixed composer.lock missing from Composer's zip archives (#11674) * Fixed AutoloadGenerator::dump() non-BC signature change in 2.6.4 (cb363b0e8) ---- **Version 2.6.4** - 2023-09-29 * Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / **CVE-2023-43655**) * Fixed json output of abandoned packages in audit command (#11647) * Performance improvement in pool optimization step (#11638) * Performance improvement in `show -a ` (#11659)

Change Log

* Fri Oct 6 2023 Remi Collet - 2.6.5-1 - update to 2.6.5 * Fri Sep 29 2023 Remi Collet - 2.6.4-1 - update to 2.6.4

References

[ 1 ] Bug #2241496 - CVE-2023-43655 composer: Remote Code Execution via web-accessible composer.phar https://bugzilla.redhat.com/show_bug.cgi?id=2241496

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-f3dedfef46' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : composer
Product : Fedora 38
Version : 2.6.5
Release : 1.fc38
URL : https://getcomposer.org/
Summary : Dependency Manager for PHP

Related News

QNAP Warns Customers to Patch Linux Sudo Flaw in NAS Devices

Mar 31, 2023

Linux Foundation Creates OpenWallet Foundation

Feb 27, 2023

Companies Can’t Stop Using Open Source

Mar 8, 2023

Make Linux Safer… Or Die Trying

Feb 16, 2023

News

Advisories

HOWTOs

Features

Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024
Cloud Security Basics for Small Businesses
Scanning and Defending Networks with Nmap

About Us

Powered By

Footer Logo