[Git][security-tracker-team/security-tracker][master] 2 commits: Reserve DLA-3197-1 for phpseclib
Sylvain Beucler (@beuc)
beuc at debian.org
Thu Nov 17 15:27:00 GMT 2022
Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits:
eced38e6 by Sylvain Beucler at 2022-11-17T16:25:17+01:00
Reserve DLA-3197-1 for phpseclib
- - - - -
831e22fc by Sylvain Beucler at 2022-11-17T16:26:29+01:00
Reserve DLA-3198-1 for php-phpseclib
- - - - -
2 changed files:
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,9 @@
+[17 Nov 2022] DLA-3198-1 php-phpseclib - security update
+ {CVE-2021-30130}
+ [buster] - php-phpseclib 2.0.30-2~deb10u1
+[17 Nov 2022] DLA-3197-1 phpseclib - security update
+ {CVE-2021-30130}
+ [buster] - phpseclib 1.0.19-3~deb10u1
[17 Nov 2022] DLA-3196-1 thunderbird - security update
{CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421}
[buster] - thunderbird 1:102.5.0-1~deb10u1
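Review bot: the two entries added at the top of data/DLA/list attribute CVE-2021-30130 to both phpseclib and php-phpseclib without qualification, while the dla-needed.txt notes removed in this same push record a discussion about whether 1.0 and 2.0 are in fact affected and conclude that only "a small part of it" applies. Consider stating in the advisory text, or in a note against the CVE, which part of the issue the 1.0.19-3~deb10u1 and 2.0.30-2~deb10u1 uploads address, so the DLA entries are not read as the full CVE applying to buster.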
=====================================
data/dla-needed.txt
=====================================
@@ -250,22 +250,10 @@ php-cas
NOTE: 20221107: consider fixing all 3 packages; also check situation in ELTS for reference (Beuc/front-desk)
NOTE: 20221110: upcoming DSA (Beuc/front-desk)
--
-php-phpseclib (Sylvain Beucler)
- NOTE: 20220909: Programming language: PHP.
- NOTE: 20220909: Note the discussion whether 2.0 is in fact affected by the CVE or not. It looks like it is affected by a small part of it that is best to fix.. (ola)
- NOTE: 20221104: Attempted to clarify vulnerability status (cf. 02cd83d1d917dc5964440185226aa11e40058546) (Beuc)
- NOTE: 20221108: buster is missing testsuite in both phpseclib packages, contacted maintainer to decide whether to backport testsuite or just bump version (Beuc)
---
php7.3 (Emilio)
NOTE: 20221031: Programming language: C.
NOTE: 20221031: CVE-2022-37454 is what is of most concern.
--
-phpseclib (Sylvain Beucler)
- NOTE: 20220909: Programming language: PHP.
- NOTE: 20220909: Note the discussion whether 1.0 is in fact affected by the CVE or not. It looks like it is affected by a small part of it that is best to fix.. (ola)
- NOTE: 20221104: Attempted to clarify vulnerability status (cf. 02cd83d1d917dc5964440185226aa11e40058546) (Beuc)
- NOTE: 20221108: buster is missing testsuite in both phpseclib packages, contacted maintainer to decide whether to backport testsuite or just bump version (Beuc)
---
pluxml
NOTE: 20220913: Programming language: PHP.
NOTE: 20220913: Special attention: orphaned package.
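Review bot: the removed php-phpseclib and phpseclib blocks drop the 20221108 note that buster is missing the testsuite in both packages, and nothing in this change records what was decided (backport the testsuite or just bump the version). Once these lines are gone the question is no longer tracked in the files shown here, so consider recording the outcome in the commit message or the advisory so the reasoning survives the removal.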
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6dd286d5103bcf709d01a5268aaa8847848251ee...831e22fc63b46ae8b81fcd5362327ccd4ae6eaa8