-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 15 Apr 2026 10:50:08 +0200 Source: composer Binary: composer Architecture: all Version: 2.8.8-1+deb13u2 Distribution: trixie Urgency: medium Maintainer: all Build Daemon (x86-grnet-02) Changed-By: David Prévot Description: composer - dependency manager for PHP Changes: composer (2.8.8-1+deb13u2) trixie; urgency=medium . * Fix command injection via malicious Perforce repository definition [CVE-2026-40261] * Fix command injection via malicious Perforce source reference/url [CVE-2026-40176] Checksums-Sha1: 191723ee9f1394d3bad471c6a68621c88eaca616 10014 composer_2.8.8-1+deb13u2_all-buildd.buildinfo 8e94fafcc1f4a5237e19f02e1546d7eb6e1851c4 533768 composer_2.8.8-1+deb13u2_all.deb Checksums-Sha256: d49f143e58328b9e0d09c96dcc61398c0ccc6463d7db6f0e606b31da391f5ab8 10014 composer_2.8.8-1+deb13u2_all-buildd.buildinfo 3f5825ec454e84ef2f359725678352f8dbec5b97fa6077004c63c18c35aa4bb1 533768 composer_2.8.8-1+deb13u2_all.deb Files: 4006a69e24dccee724a9bd5106480b54 10014 php optional composer_2.8.8-1+deb13u2_all-buildd.buildinfo c3aa5ed797b26bfc01fc376db97851e5 533768 php optional composer_2.8.8-1+deb13u2_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmn4a6wACgkQmgPNRvTf /zd7tA/+LGhSAYyCfNpfMJOCXFPfSjVKit5TJb4EfBklNbd/Xa+347jzsPHy9Dw7 yQgMXlNISbdMyuwhHcifpZ/WcIKlFGy/se199vVnXeLsB/Op1WFy/ElejB7Zh1qf 8rt303KayVo6q4d5giFHziFGMsznTwgXLaiCM7RrLUgmEdifn9fYJH/Hf8jyW0i9 OnNAaLqi1nAHbttOBjqxEN9Ik5YEf26n5rtmN3why7Iz2k/3uSNrSbXP2wUDJSMN oZ0si6kRjec2Wk1OAgxvUOwNxwmdwqEdOOCKZo41d8jNuIBuBdQmEg2h+fVCrlEn u5bA4QMNqqJDAhjZPqm+i0dt15MhkTAU2RsOm6J7wM4H1EQijMMeV1NPU62NHe0H UWcsIoUvRNRLU6bF20X8eH7RVXiSclj1Ng3U6YoSbpMeUhlyvkFXLqC+zoNjD0hY D3tPdIdJqhBrdRMPfTXvLmN/G6Of+nm/0xPlXKjFZnAqUMgxCZKtV9luxN9KXpQd zxFF9wYZWPdSBtiWxgftVlOfiOcJsr1J2fbtmHnlmpDC890Fu50KAg39zU+Qlf2s tQToBu3KyfSzPrYicpF8AvrGgt04v+PxMkL3noLvuO3FE4JEHnyop5UoDY1UQmoo eoZL9RboyoBOcNbBrfo9Un5+neQNOtxRw9f34vNhYphYVf6xkok= =KJqa -----END PGP SIGNATURE-----