[Git][security-tracker-team/security-tracker][master] Add new phpseclib issue

Wed Apr 29 06:25:56 BST 2026


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5cd59452 by Salvatore Bonaccorso at 2026-04-29T07:25:25+02:00
Add new phpseclib issue

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -269260,6 +269260,12 @@ CVE-2024-27354 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x befo
 	- php-phpseclib3 3.0.36-1
 	[bookworm] - php-phpseclib3 3.0.19-1+deb12u3
 	NOTE: https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
+CVE-2026-XXXX [Bypass of CVE-2024-27355 mitigations]
+	- phpseclib 1.0.29-1
+	- php-phpseclib 2.0.54-1
+	- php-phpseclib3 3.0.52-1
+	NOTE: https://github.com/phpseclib/phpseclib/security/advisories/GHSA-3qpq-r242-jqj7
+	NOTE: Fixed by: https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc (3.0.52, 2.0.54, 1.0.29)
 CVE-2024-27355 (An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0 ...)
 	{DLA-3750-1 DLA-3749-1}
 	- phpseclib 1.0.23-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cd59452b4c734342a605d7155ace6aa32677cf4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5cd59452b4c734342a605d7155ace6aa32677cf4
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260429/9d38d368/attachment-0001.htm>
