| Release | Version |
|---|---|
| stretch | 1:1.10.1+submodules+notgz-9+deb9u3 |
| buster | 1:1.10.6+submodules+notgz-1.1+deb10u2 |
| bullseye | 1:1.10.12+submodules+notgz+20210212-1 |
| bookworm | 1:1.10.13+submodules+notgz+2022032202-2 |
| trixie | 1:1.10.13+submodules+notgz+2022032202-2 |
| sid | 1:1.10.13+submodules+notgz+2022032202-2 |
| Bug | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-32610 | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | In Archive_Tar before 1.4.14, symlinks can refer to targets outside of ... |
| Bug | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-5630 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | PECL in the download utility class in the Installer in PEAR Base Syste ... |
| Bug | Description |
|---|---|
| CVE-2020-36193 | Tar.php in Archive_Tar through 1.4.11 allows write operations with Dir ... |
| CVE-2020-28949 | Archive_Tar through 1.4.10 has :// filename sanitization only to addre ... |
| CVE-2020-28948 | Archive_Tar through 1.4.10 allows an unserialization attack because ph ... |
| CVE-2018-1000888 | PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 ... |
| DSA / DLA | Description |
|---|---|
| DSA-4894-1 | php-pear - security update |
| DLA-2621-1 | php-pear - security update |
| DSA-4817-1 | php-pear - security update |
| DLA-2465-1 | php-pear - security update |
| DSA-4378-1 | php-pear - security update |