{"affected":[{"ecosystem_specific":{"binaries":[{"php8-pear":"1.10.21-150400.9.3.1","php8-pecl":"1.10.21-150400.9.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"php8-pear","purl":"pkg:rpm/opensuse/php8-pear&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.10.21-150400.9.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for php8-pear fixes the following issues:\n\n- Add php8-pear to SLE15-SP4 (jsc#SLE-24728)\n- Update to 1.10.21\n  - PEAR 1.10.13\n    * unsupported protocol - use --force to continue\n    * Add $this operator to _determineIfPowerpc calls\n- Update to 1.10.20\n  - Archive_Tar 1.4.14\n    * Properly fix symbolic link path traversal (CVE-2021-32610)\n  - Archive_Tar 1.4.13\n    * Relative symlinks failing (out-of path file extraction)\n  - Archive_Tar 1.4.12\n  - Archive_Tar 1.4.11\n  - Archive_Tar 1.4.10\n    * Fix block padding when the file buffer length is a multiple\n      of 512 and smaller than Archive_Tar buffer length\n    * Don't try to copy username/groupname in chroot jail\n\n- provides and obsoletes php7-pear-Archive_Tar, former location\n  of PEAR/Archive/Tar.php\n\n- Update to version 1.10.19\n  - PEAR 1.10.12\n    * adjust dependencies based on new releases\n  - XML_Util 1.4.5\n    * fix Trying to access array offset on value of type int\n\n- Update to version 1.10.18\n- Remove pear-cacheid-array-check.patch (upstreamed)\n- Contents of .filemap are now sorted internally\n\n- Sort contents of .filemap to make build reproducible\n\n- Recommend php7-openssl to allow https sources to be used\n- Modify metadata_dir for system configuration only\n- Add /var/lib/pear directory where xml files are stored\n- Cleanup %files section\n\n- Only use the GPG keys of Chuck Burgess. Extracted from the \n  Release Manager public keys.\n- Add release versions of PEAR modules\n\n- Install metadata files (registry, filemap, channels, ...) in\n  /var/lib/pear/ instead of /usr/share/php7/PEAR/\n\n- Update to version 1.10.17\n","id":"SUSE-SU-2022:3198-2","modified":"2023-02-07T09:12:06Z","published":"2023-02-07T09:12:06Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20223198-2/"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-32610"}],"related":["CVE-2021-32610"],"summary":"Security update for php8-pear","upstream":["CVE-2021-32610"]}