[Git][security-tracker-team/security-tracker][master] "new" phpseclib issue

Moritz Muehlenhoff (@jmm) jmm at debian.org
Fri Jun 28 12:41:32 BST 2024 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1588116e by Moritz Muehlenhoff at 2024-06-28T13:40:55+02:00
"new" phpseclib issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -101,7 +101,16 @@ CVE-2024-22272 (VMware Cloud Director contains an Improper Privilege Management
 CVE-2024-22260 (VMware Workspace One UEM update addresses an information exposure vuln ...)
 	NOT-FOR-US: VMware
 CVE-2023-52892 (In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33,  ...)
-	TODO: check
+	- phpseclib 1.0.22-1
+	[bookworm] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
+	[bullseye] - phpseclib <no-dsa> (Minor issue; can be fixed via pu)
+	- php-phpseclib 2.0.46-1
+	[bookworm] - php-phpseclib <no-dsa> (Minor issue; can be fixed via pu)
+	[bullseye] - php-phpseclib <no-dsa> (Minor issue; can be fixed via pu)
+	- php-phpseclib3 3.0.33-1
+	[bookworm] - php-phpseclib3 <no-dsa> (Minor issue; can be fixed via pu)
+	NOTE: https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
+	NOTE: https://github.com/phpseclib/phpseclib/issues/1943
 CVE-2023-47803 (A vulnerability regarding improper limitation of a pathname to a restr ...)
 	NOT-FOR-US: Synology
 CVE-2023-47802 (A vulnerability regarding improper neutralization of special elements  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1588116e0759091023a2b28063d2230db4838b8e

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/1588116e0759091023a2b28063d2230db4838b8e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240628/79cb7c92/attachment.htm>

More information about the debian-security-tracker-commits mailing list