Discussion:
Bug#1065266: bullseye-pu: package php-phpseclib/2.0.30-2+deb11u2
David Prévot
2024-03-02 10:30:01 UTC
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: php-***@packages.debian.org, ***@security.debian.org
Control: affects -1 + src:php-phpseclib
User: ***@packages.debian.org
Usertags: pu

Hi,

This issue is similar to #1065263 for bookworm.

I’d like to see CVE-2024-27354 and CVE-2024-27355 addressed in the next
point release. We agreed with the security team that these issues are
not worth a DSA.

[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in oldstable
[x] the issue is verified as fixed in unstable

TIA for considering.

Cheers,

taffit
Debian Bug Tracking System
2024-03-02 10:30:01 UTC
Post by David Prévot
affects -1 + src:php-phpseclib
Bug #1065266 [release.debian.org] bullseye-pu: package php-phpseclib/2.0.30-2+deb11u2
Added indication that 1065266 affects src:php-phpseclib
--
1065266: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065266
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
David Prévot
2024-03-02 10:40:02 UTC
On Sat, Mar 02, 2024 at 11:22:22AM +0100, David Prévot wrote:
[
]
Post by David Prévot
[x] attach debdiff against the package in oldstable
Second try.
Jonathan Wiltshire
2024-04-22 21:10:02 UTC
Control: tag -1 confirmed

Please go ahead.

Thanks,
--
Jonathan Wiltshire ***@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1
Debian Bug Tracking System
2024-04-22 21:10:02 UTC
tag -1 confirmed
Bug #1065266 [release.debian.org] bullseye-pu: package php-phpseclib/2.0.30-2+deb11u2
Added tag(s) confirmed.
--
1065266: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065266
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems
Jonathan Wiltshire
2024-04-23 22:10:01 UTC
package release.debian.org
tags 1065266 = bullseye pending
thanks

Hi,

The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bullseye.

Thanks for your contribution!

Upload details
==============

Package: php-phpseclib
Version: 2.0.30-2+deb11u2

Explanation: force system dependency loading; guard isPrime() and randomPrime() for BigInteger [CVE-2024-27354]; limit OID length in ASN1 [CVE-2024-27355]; fix BigInteger getLength()