Overview

File _patchinfo of Package patchinfo.34329

<patchinfo incident="34329">
  <issue tracker="cve" id="2024-35241"/>
  <issue tracker="cve" id="2024-35242"/>
  <issue tracker="bnc" id="1226181">VUL-0: CVE-2024-35241: php-composer2: code execution installing packages in repository with specially crafted branch names</issue>
  <issue tracker="bnc" id="1226182">VUL-0: CVE-2024-35242: php-composer2: command injection via specially crafted branch names during repository cloning</issue>
  <packager>pgajdos</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for php-composer2</summary>
  <description>This update for php-composer2 fixes the following issues:

- CVE-2024-35241: Fixed code execution when installing packages in repository with specially crafted branch names (bsc#1226181).
- CVE-2024-35242: Fixed command injection via specially crafted branch names during repository cloning (bsc#1226182).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places