[Git][security-tracker-team/security-tracker][master] CVE-2021-30130/phpseclib: precise affected versions
Sylvain Beucler (@beuc)
beuc at debian.org
Mon May 17 20:10:41 BST 2021
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d33a4d2b by Sylvain Beucler at 2021-05-17T21:09:45+02:00
CVE-2021-30130/phpseclib: precise affected versions
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -6736,7 +6736,9 @@ CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS
- phpseclib 1.0.19-3
- php-phpseclib 2.0.30-2
- php-phpseclib3 3.0.7-1
- NOTE: https://github.com/phpseclib/phpseclib/pull/1635
+ NOTE: https://github.com/phpseclib/phpseclib/pull/1635#issuecomment-826994890
+ NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/cc32cd2e95b18a0c0118bbf1928327675c9e64a9 (v3.0 / RSA::SIGNATURE_RELAXED_PKCS1)
+ NOTE: According to upstream, 1.x and 2.x are not vulnerable, the fix on these branches only backports more exhaustive PKCS#1 v1.5 support (functional change)
CVE-2021-30129
RESERVED
CVE-2021-30128 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version ...)
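Review bot: The new NOTE stating that "1.x and 2.x are not vulnerable" contradicts the unchanged entries just above it, "- phpseclib 1.0.19-3" and "- php-phpseclib 2.0.30-2". These still record fixed versions, so anything older in those two source packages will keep being reported as affected. If upstream's assessment is accepted, consider switching those two entries to a not-affected status with a short reason (vulnerable code introduced in v3.0 with RSA::SIGNATURE_RELAXED_PKCS1). If the versions are kept on purpose because the CVE description itself says "before 2.0.31", say so in the NOTE so the mismatch is clearly deliberate.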
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d33a4d2b2d340c217ce6aedc52541ec68eff56a4