#1136642 trixie-pu: package composer/2.8.8-1+deb13u3

#1136642#5
Date:
2026-05-14 09:39:36 UTC
From:
To:
Hi,

As agreed with the security team, I’d like to address a GitHub token
leak [CVE-2026-45793] via p-u. The change is just a regex match on code
that may not be used outside of GitHub infrastructure, and the testsuite
is updated to check for it.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Cheers,

taffit

#1136642#12
Date:
2026-05-22 21:34:37 UTC
From:
To:
Hi,

Please go ahead.

Thanks,

#1136642#19
Date:
2026-05-24 16:06:26 UTC
From:
To:
package release.debian.org
tags 1136642 = trixie pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian trixie.

Thanks for your contribution!

Upload details
==============

Package: composer
Version: 2.8.8-1+deb13u3

Explanation: fix support for new GitHub token format [-2026-45793]

#1136642#24
Date:
2026-05-24 16:06:26 UTC
From:
To:
package release.debian.org
tags 1136642 = trixie pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian trixie.

Thanks for your contribution!

Upload details
==============

Package: composer
Version: 2.8.8-1+deb13u3

Explanation: fix support for new GitHub token format [-2026-45793]