Search for packages
| purl | pkg:deb/debian/php-pear@1:1.10.9%2Bsubmodules%2Bnotgz-1.1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-gbz5-5frj-hber | Multiple vulnerabilities through filename manipulation in Archive_Tar Archive_Tar through 1.4.10 has `://` filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as `file://` to overwrite files) can still succeed. See: https://github.com/pear/Archive_Tar/issues/33 |
CVE-2020-28949
GHSA-75c5-f4gw-38r9 |
| VCID-v9v6-ae3e-g3hk | Deserialization of Untrusted Data in Archive_Tar Archive_Tar through 1.4.10 allows an unserialization attack because `phar:` is blocked but `PHAR:` is not blocked. See: https://github.com/pear/Archive_Tar/issues/33 |
CVE-2020-28948
GHSA-jh5x-hfhg-78jq |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T11:13:39.000769+00:00 | Debian Importer | Fixing | VCID-gbz5-5frj-hber | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T08:56:25.787569+00:00 | Debian Importer | Fixing | VCID-v9v6-ae3e-g3hk | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T07:38:04.010803+00:00 | Debian Importer | Fixing | VCID-gbz5-5frj-hber | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-11T17:59:57.741862+00:00 | Debian Importer | Fixing | VCID-v9v6-ae3e-g3hk | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:49:40.183497+00:00 | Debian Importer | Fixing | VCID-gbz5-5frj-hber | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:49:40.142885+00:00 | Debian Importer | Fixing | VCID-v9v6-ae3e-g3hk | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |