FEDORA-2023-dbe9d482a8 — security update for composer — Fedora Updates System

obsolete

composer-2.6.4-1.fc38

FEDORA-2023-dbe9d482a8 created by remi a year ago for Fedora 38

Version 2.6.4 - 2023-09-29

Security: Fixed possible remote code execution vulnerability if composer.phar is publicly accessible, executable as PHP, and register_argc_argv is enabled in php.ini (GHSA-jm6m-4632-36hf / CVE-2023-43655)
Fixed json output of abandoned packages in audit command (#11647)
Performance improvement in pool optimization step (#11638)
Performance improvement in show -a <packagename> (#11659)

This update has been submitted for testing by remi.

This update's test gating status has been changed to 'ignored'.

imabug provided feedback a year ago

karma

This update has been pushed to testing.

remi edited this update.

This update has been obsoleted by composer-2.6.5-1.fc38.

Please login to add feedback.

Metadata

Type

security

Severity

low

Karma

1

Signed

Content Type

RPM

Test Gating

ignored

Autopush Settings

Unstable by Karma

-3

Stable by Karma

3

Stable by Time

7 days

Thresholds

Minimum Karma

+1

Minimum Testing

7 days

Dates

submitted

a year ago

in testing

a year ago

modified

a year ago

Builds

1

composer-2.6.4-1.fc38

BZ#2241496 CVE-2023-43655 composer: Remote Code Execution via web-accessible composer.phar

0

0

BZ#2241498 CVE-2023-43655 composer: Remote Code Execution via web-accessible composer.phar [fedora-all]

0

0

composer-2.6.4-1.fc38

Automated Test Results

ignored

Copyright © 2007-2025 Red Hat, Inc. and others.

Running bodhi-server 8.3.0 on bodhi-web-177-rvwvq.

bodhi is Free Software. Please file issues if you have any problems. Read the documentation.

• Composes • Legal • Privacy policy •