[pkg-php-pear] Bug#1065268: bullseye-pu: package phpseclib/1.0.19-3+deb11u2
David Prévot
taffit at debian.org
Sat Mar 2 10:24:44 GMT 2024
Package: release.debian.org
Severity: normal
Tags: bullseye
X-Debbugs-Cc: phpseclib at packages.debian.org, team at security.debian.org
Control: affects -1 + src:phpseclib
User: release.debian.org at packages.debian.org
Usertags: pu
Hi,
This issue is simalar to #1065264 for bookworm
I’d like to see CVE-2024-27354 and CVE-2024-27355 addressed in the next
point release. We agreed with the security team that these issues are
not worth a DSA. This update also fixes an issue in dependency loading
similar to CVE-2024-24821 as fixed in composer/DSA-5632-1.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in oldstable
[x] the issue is verified as fixed in unstable
TIA for considering.
Cheers,
taffit
-------------- next part --------------
A non-text attachment was scrubbed...
Name: phpseclib_1.0.19-3+deb11u2.patch
Type: text/x-diff
Size: 6893 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20240302/f077b022/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20240302/f077b022/attachment-0001.sig>
More information about the pkg-php-pear
mailing list