[Git][security-tracker-team/security-tracker][master] Revert "Marked CVE-2021-30130 for phpseclib and php-phpseclib as not affecterd in buster."
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Tue Sep 6 05:11:18 BST 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
59a03bab by Salvatore Bonaccorso at 2022-09-06T06:07:26+02:00
Revert "Marked CVE-2021-30130 for phpseclib and php-phpseclib as not affecterd in buster."
This reverts commit bd20945d085a7900698474a6185745db59a7d533.
It was fixed as well in the 1.x and 2.x series. The comment that it
affects only the 3.x series seems thus wrong. That said it would be
entirely be possible it does not affect the older versions, so might
just be a different description in the end. For now revert this commit
which is inline with the previous tracking.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -97481,10 +97481,8 @@ CVE-2021-30131
RESERVED
CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1. ...)
- phpseclib 1.0.19-3
- [buster] - phpseclib <not-affected> (Only affects 3.x branch)
[stretch] - phpseclib <not-affected> (Only affects 3.x branch)
- php-phpseclib 2.0.30-2
- [buster] - php-phpseclib <not-affected> (Only affects 3.x branch)
[stretch] - php-phpseclib <not-affected> (Only affects 3.x branch)
- php-phpseclib3 3.0.7-1
NOTE: https://github.com/phpseclib/phpseclib/pull/1635#issuecomment-826994890
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a03babf1e8e9dd14d6afe7d884ea6e70e528d7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/59a03babf1e8e9dd14d6afe7d884ea6e70e528d7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220906/5b1996b6/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list