[pkg-php-pear] Bug#1134372: trixie-pu: package php-phpseclib3/3.0.43-2+deb13u2
David Prévot
taffit at debian.org
Sun Apr 19 11:39:04 BST 2026
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: php-phpseclib3 at packages.debian.org, team at security.debian.org
Control: affects -1 + src:php-phpseclib3
User: release.debian.org at packages.debian.org
Usertags: pu
[ This is the first of six similar bug reports, for the php-phpseclib3,
php-phpseclib and phpseclib packages, for both trixie and bookworm. ]
I’d like to get CVE-2026-40194 fixed in an upcoming point release. This
is a variable-time comparison tagged as no-dsa, so I assume the
security-team, X-D-CCed, do not wish to release a DSA for it.
The change is pretty trivial.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
Regards,
taffit
-------------- next part --------------
A non-text attachment was scrubbed...
Name: php-phpseclib3_3.0.43-2+deb13u2.patch
Type: text/x-diff
Size: 3193 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20260419/572d86c7/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20260419/572d86c7/attachment-0001.sig>
More information about the pkg-php-pear
mailing list