| Description: | The php-pear package contains the PHP Extension and Application Repository (PEAR), a framework and distribution system for reusable PHP components.
Security Fix(es):
Archive_Tar: allows an unserialization attack because phar: is blocked but PHAR: is not blocked (CVE-2020-28948)
Archive_Tar: improper filename sanitization leads to file overwrites (CVE-2020-28949)
Archive_Tar: directory traversal due to inadequate checking of symbolic links (CVE-2020-36193)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
|