Your message dated Tue, 28 Nov 2023 07:36:44 +0000
with message-id <[email protected]>
and subject line Bug#1057008: fixed in php-phpseclib3 3.0.34-1
has caused the Debian Bug report #1057008,
regarding php-phpseclib3: CVE-2023-49316
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1057008: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057008
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: php-phpseclib3
Version: 3.0.33-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for php-phpseclib3.
CVE-2023-49316[0]:
| In Math/BinaryField.php in phpseclib before 3.0.34, excessively
| large degrees can lead to a denial of service.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-49316
https://www.cve.org/CVERecord?id=CVE-2023-49316
[1] https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: php-phpseclib3
Source-Version: 3.0.34-1
Done: David Prévot <[email protected]>
We believe that the bug you reported is fixed in the latest version of
php-phpseclib3, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated php-phpseclib3 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 28 Nov 2023 08:03:06 +0100
Source: php-phpseclib3
Architecture: source
Version: 3.0.34-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <[email protected]>
Changed-By: David Prévot <[email protected]>
Closes: 1057008
Changes:
php-phpseclib3 (3.0.34-1) unstable; urgency=medium
.
[ terrafrost ]
* Math/BinaryField: fix for excessively large degrees
[CVE-2023-49316] (Closes: #1057008)
* PrimeField: fix error with squareRoot method
* EC/Signature/Format: add new IEEE format
* SSH2: don't use AES GCM for TurboFTP Server
* PKCS8: RC2 encrypted keys didn't work
* PKCS8: PBES2 / DES encrypted keys didn't work
* SSH2: add support for RFC8308
* SSH2: reset more internal variables when connection is reset
* BigInteger/Engines/PHP: Windows JIT impl issue has been resolved
* CHANGELOG: add 3.0.34 release
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---