[pkg-php-pear] Bug#1032371: closed by David Prévot <david at tilapin.org> (Re: Bug#1032371: php-phpseclib3: CVE-2023-27560)
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 6 15:52:50 GMT 2023
Hi David,
> Hi Salvatore,
>
> Le 05/03/2023 à 11:04, Salvatore Bonaccorso a écrit :
> > Source: php-phpseclib3
> > Version: 3.0.18-1
> […]
> > The following vulnerability was published for php-phpseclib3.
>
> Thanks, fixed in 3.0.19-1 (but I forgot the Closes: entry :/).
>
> > The official CVE description is right now a bit confusing for me, I'm
> > assuming the issue is only introduced with [2] wich is in 3.0.0. Is
> > this correct?
>
> That’s indeed my understanding, meaning there is nothing to fix in stable.
> There is nothing close to this functionality in php-phpseclib (version 2)
> nor php-seclib (version 1).
Thanks for confirming! In meanwhile someone has as well requested the
CVE description to be updated and in fact now correctly mentions 3.x
only.
Regards,
Salvatore
More information about the pkg-php-pear
mailing list