[pkg-php-pear] Bug#1057038: bookworm-pu: package php-phpseclib3/3.0.19-1+deb12u1

David Prévot taffit at debian.org
Tue Nov 28 13:08:36 GMT 2023


Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: php-phpseclib3 at packages.debian.org, team at security.debian.org
Control: affects -1 + src:php-phpseclib3

Hi,

Please allow me to fix CVE-2023-49316 (#1057008) in the next point release.
I assume from the bug report wording that it isn’t worth a DSA (security
team X-Debbugs-Cced in case I misunderstood).

The changelog refers to a trivial change (gbp.conf and control) for the
build process, and the three-line upstream patch (+comments +test) to
fix the issue.

  * Track bookworm
  * Math/BinaryField: fix for excessively large degrees [CVE-2023-49316]
    (Closes: #1057008)

It passes its (updated) testsuite, but I didn’t have time to test this
update thoroughly.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Thanks in advance for your consideration.

Regards,

taffit
-------------- next part --------------
A non-text attachment was scrubbed...
Name: php-phpseclib3.diff
Type: text/x-diff
Size: 5392 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20231128/ac8be12a/attachment.diff>