[Git][security-tracker-team/security-tracker][master] Add phpseclib tracking for CVE-2023-48795

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1dd37d4c by Salvatore Bonaccorso at 2023-12-30T11:17:04+01:00
Add phpseclib tracking for CVE-2023-48795

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2076,6 +2076,9 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	[buster] - libssh2 <not-affected> (ChaCha20-Poly1305 and CBC-EtM support not present)
 	- openssh 1:9.6p1-1
 	- paramiko <unfixed> (bug #1059006)
+	- phpseclib 1.0.22-1
+	- php-phpseclib 2.0.46-1
+	- php-phpseclib3 3.0.35-1
 	- proftpd-dfsg 1.3.8.b+dfsg-1 (bug #1059144)
 	[bookworm] - proftpd-dfsg <no-dsa> (Minor issue)
 	[bullseye] - proftpd-dfsg <no-dsa> (Minor issue)
@@ -2110,6 +2113,8 @@ CVE-2023-48795 (The SSH transport protocol with certain OpenSSH extensions, foun
 	NOTE: OpenSSH: https://www.openwall.com/lists/oss-security/2023/12/18/2
 	NOTE: OpenSSH (strict key exchange): https://github.com/openssh/openssh-portable/commit/1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 (V_9_6_P1)
 	NOTE: paramiko: https://github.com/paramiko/paramiko/issues/2337
+	NOTE: phpseclib: https://github.com/phpseclib/phpseclib/issues/1972
+	NOTE: phpseclib: https://github.com/phpseclib/phpseclib/commit/c8e3ab9317abae80d7f58fd9acd9214b57572b32 (1.0.22, 2.0.46, 3.0.35)
 	NOTE: proftpd: https://github.com/proftpd/proftpd/issues/1760
 	NOTE: proftpd: https://github.com/proftpd/proftpd/commit/7fba68ebb3ded3047a35aa639e115eba7d585682 (v1.3.9rc2)
 	NOTE: proftpd: https://github.com/proftpd/proftpd/commit/bcec15efe6c53dac40420731013f1cd2fd54123b (v1.3.8b)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dd37d4c8a36752d89b1c7abf2291986214644e5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1dd37d4c8a36752d89b1c7abf2291986214644e5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231230/2f3f5ff8/attachment.htm>