Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/php-pear@1:1.10.12%2Bsubmodules%2Bnotgz%2B20210212-1
purl pkg:deb/debian/php-pear@1:1.10.12%2Bsubmodules%2Bnotgz%2B20210212-1
Next non-vulnerable version 1:1.10.13+submodules+notgz+2022032202-2
Latest non-vulnerable version 1:1.10.13+submodules+notgz+2022032202-2
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-tk1v-t2e5-jqae
Aliases:
CVE-2021-32610
GHSA-p8q8-jfcv-g2h2
Improper Link Resolution Before File Access In Archive_Tar, symlinks can refer to targets outside of the extracted archive.
1:1.10.13+submodules+notgz+2022032202-2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-gbz5-5frj-hber Multiple vulnerabilities through filename manipulation in Archive_Tar Archive_Tar through 1.4.10 has `://` filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as `file://` to overwrite files) can still succeed. See: https://github.com/pear/Archive_Tar/issues/33 CVE-2020-28949
GHSA-75c5-f4gw-38r9
VCID-kc7d-5k6x-77bp Directory Traversal in Archive_Tar Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related issue to CVE-2020-28948. ### :exclamation: Note: There was an [initial fix](https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916) for this vulnerability made in version `1.4.12`. That fix introduced a bug which was [fixed in 1.4.13](https://github.com/pear/Archive_Tar/pull/36). Therefore we have set the first-patched-version to `1.4.13` which the earliest working version that avoids this vulnerability. CVE-2020-36193
GHSA-rpw6-9xfx-jvcx
VCID-v9v6-ae3e-g3hk Deserialization of Untrusted Data in Archive_Tar Archive_Tar through 1.4.10 allows an unserialization attack because `phar:` is blocked but `PHAR:` is not blocked. See: https://github.com/pear/Archive_Tar/issues/33 CVE-2020-28948
GHSA-jh5x-hfhg-78jq

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T09:50:25.199194+00:00 Debian Importer Affected by VCID-tk1v-t2e5-jqae https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T00:52:27.314281+00:00 Debian Oval Importer Fixing VCID-gbz5-5frj-hber https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-16T00:18:04.850222+00:00 Debian Oval Importer Fixing VCID-v9v6-ae3e-g3hk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:17:56.473511+00:00 Debian Oval Importer Fixing VCID-kc7d-5k6x-77bp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-13T06:34:38.653682+00:00 Debian Importer Affected by VCID-tk1v-t2e5-jqae https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-12T00:24:52.442835+00:00 Debian Oval Importer Fixing VCID-gbz5-5frj-hber https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T23:51:43.611672+00:00 Debian Oval Importer Fixing VCID-v9v6-ae3e-g3hk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:06:14.269462+00:00 Debian Oval Importer Fixing VCID-kc7d-5k6x-77bp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:55:28.879275+00:00 Debian Oval Importer Fixing VCID-gbz5-5frj-hber https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T23:23:43.255564+00:00 Debian Oval Importer Fixing VCID-v9v6-ae3e-g3hk https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:22:18.058908+00:00 Debian Importer Affected by VCID-tk1v-t2e5-jqae https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-08T15:01:37.659744+00:00 Debian Oval Importer Fixing VCID-kc7d-5k6x-77bp https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0