-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Apr 2026 12:33:06 +0200
Source: composer
Binary: composer
Architecture: all
Version: 2.5.5-1+deb12u4
Distribution: bookworm
Urgency: medium
Maintainer: all Build Daemon (x86-grnet-02) <buildd_all-x86-grnet-02@buildd.debian.org>
Changed-By: David Prévot <taffit@debian.org>
Description:
 composer   - dependency manager for PHP
Changes:
 composer (2.5.5-1+deb12u4) bookworm; urgency=medium
 .
   * Fix command injection via malicious Perforce source reference/url
     [CVE-2026-40261]
   * Fix ommand injection via malicious Perforce repository definition
     [CVE-2026-40176]
   * Fix remote Code Execution via web-accessible composer.phar
     [CVE-2023-43655]
Checksums-Sha1:
 13e86a7966338285d326f062c4a74cf4209d748e 10188 composer_2.5.5-1+deb12u4_all-buildd.buildinfo
 27f024aed9e77a7b977de2a1e89687cae99d4e71 493016 composer_2.5.5-1+deb12u4_all.deb
Checksums-Sha256:
 3b7e2195bbceae6d1aa430fce7169d4e641b9b3a420c7773a0f51c5ec227f42f 10188 composer_2.5.5-1+deb12u4_all-buildd.buildinfo
 fbe0a91f734186d215d63976dc31f69d4dbe3c690faacc465ebaa1e0b138f65d 493016 composer_2.5.5-1+deb12u4_all.deb
Files:
 7242b57b51ea6cdc45efc80e7438c654 10188 php optional composer_2.5.5-1+deb12u4_all-buildd.buildinfo
 2f143603c5d9fffdedd9f458fc8d6b9d 493016 php optional composer_2.5.5-1+deb12u4_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmn4arEACgkQmgPNRvTf
/zf7Cg/+P6V321FCkUNk+AEKBcgKkUwaaWuPZ6hMJZ0IYqY0nWS1yXY/mlsG2Tm+
5CNUpmCrE4izTkX4LGUnVvK8N20o4Sm3orSfCwZPw6IdFhNqtFBASqvqpRPwwuOt
Be8m+pyEdhxccA4hHEBAhhESh6XNXzfdeYBvSgFwqqkLBjaarGzAtEO8YRbaOPcT
x/vDK1I8YkW/kgZw3og71q/LEphKnuPekMJ+dtYO1Fv/QWsKzJeDk4gmnp8iFCmC
hSm8ja59G2RDauZ4EQKSzp7Z1rDrJCvNEoE8IGwNt8vi6AET9sbScCYfRYouAHdf
8X9p0y3EnBcgAuzsGiz7ri5+wD8FLZROOrwqMrj0GtEbcFJeCGR5cAhISNx0aezo
Q6RezIuMWuNAMo5PEzlmitJDTcLUbX32ME0SAS4aR5DeD8OMwD5f1IHv/JfkbaXm
fbRkZhMuxdK8EWIHFJgQKKF7ruKyJ4enqd9Ldt84o8YleyBnwUwJYrW0CyAo+mIp
6hVudhXxyz6+/wsymuiEpVSoye4V9XtziZ5g5iOjMJzmL4ssVBPA5HTJvvkvA0VJ
WmL4W5Ny8n/UZaeEY+YcD5xORbMVBeMM5qRWEqTFxAg5tKFR0OdGlgf5a6riqKPM
xD6gpqlD5R0FbmNo9ovrSAZ0aFTZ+gyiU5HfPu03O1c2wXSN4U4=
=vrHR
-----END PGP SIGNATURE-----