Debian alert DLA-4068-1 (php-nesbot-carbon)

From:
             
 
Adrian Bunk <bunk@debian.org>
To:
             
 
debian-lts-announce@lists.debian.org
Subject:
             
 
[SECURITY] [DLA 4068-1] php-nesbot-carbon security update
Date:
             
 
Tue, 25 Feb 2025 13:44:35 +0200
Message-ID:
             
 
<Z72tI29ZUClID45m@localhost>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4068-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
February 25, 2025                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : php-nesbot-carbon
Version        : 2.32.2-1+deb11u1
CVE ID         : CVE-2025-22145
Debian Bug     : 1092680

Arbitrary file include in Carbon::setLocale has been fixed in Carbon,
a PHP API extension for DateTime.

For Debian 11 bullseye, this problem has been fixed in version
2.32.2-1+deb11u1.

We recommend that you upgrade your php-nesbot-carbon packages.

For the detailed security status of php-nesbot-carbon please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-nesbot-carbon

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAme9rSMACgkQiNJCh6LY
mLGphw//REIUJLOXMB1W8zlwI/EPYLNpOY6HdAAO7ylQFoP9s2PB22AnJRUXGWYS
Ii6IYfLk4g7Ky3U4LZ7xpEm96QuF6NUQ9jkdeIngp21/qcW5EzuTJVk03tSJfG/h
dssHv0YgK06xDc+cQyU5jlgMf/vTLpIx/mDlQKgDsAjCg4C5JktUREJr38Ix961D
e0xuEvxA3Wo6pU/2pk179hjsm6MRGKes5eNwwBTDd844ocUgQb//GGtpioz33+0y
9xUah3PiJg97AHizDCjNBcSYFxL1YiZPKqFx+1RJoz3PmhXH/6Aq8ilPrqncMel/
ZWV9AJ6OfHGRsCbgUzZxcADcN1AeuQnoSVnK4O40GQGA6ic22KtbCX1Dwfn1Jjx0
L2fnH1d42OcFTfw5hrdhDD9D9W7quM6af+ji0k/bIeOMj8qHWmUA+nzCdU6ugXa3
aPcRWjI1rGmaPsth38/rfals0LUyELAdZ5ao0wyRWEtN6e6f5ILUSMwcBb9zBriC
hyBNgADr4lIL/v7iFPucObcw4chOGq8lrsxFysVDVezRHCGAp4B4lq4QcRUkS/ZS
61qowX12bPEe9xVVqmNm/zu4rLAHBecMnPOsRWbmPcxbz4cYbwyYChLzTMvmV+JW
C/t/g7RB3eT3cKflFCr/3LGWxtujwRu+kqB5od+/mJU2SIz92PQ=
=4Kbf
-----END PGP SIGNATURE-----