[Git][security-tracker-team/security-tracker][master] Add CVE-2023-49316/php-phpseclib3

Mon Nov 27 20:50:27 GMT 2023


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
14073db3 by Salvatore Bonaccorso at 2023-11-27T21:49:42+01:00
Add CVE-2023-49316/php-phpseclib3

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -60,7 +60,9 @@ CVE-2023-4297 (The Mmm Simple File List WordPress plugin through 2.3 does not va
 CVE-2023-4252 (The EventPrime WordPress plugin through 3.2.9 specifies the price of a ...)
 	TODO: check
 CVE-2023-49316 (In Math/BinaryField.php in phpseclib before 3.0.34, excessively large  ...)
-	TODO: check
+	- php-phpseclib3 <unfixed>
+	NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f (3.0.34)
+	TODO: check if affecting ldap-account-manager or unused path
 CVE-2023-49047 (Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parame ...)
 	NOT-FOR-US: Tenda
 CVE-2023-49046 (Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14073db3047bd5548656c1d82eace80aa5a1d969

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/14073db3047bd5548656c1d82eace80aa5a1d969
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20231127/72531d6a/attachment.htm>
