Your message dated Sun, 03 Dec 2023 17:02:09 +0000
with message-id <[email protected]>
and subject line Bug#1057008: fixed in php-phpseclib3 3.0.19-1+deb12u1
has caused the Debian Bug report #1057008,
regarding php-phpseclib3: CVE-2023-49316
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1057008: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057008
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: php-phpseclib3
Version: 3.0.33-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for php-phpseclib3.

CVE-2023-49316[0]:
| In Math/BinaryField.php in phpseclib before 3.0.34, excessively
| large degrees can lead to a denial of service.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-49316
    https://www.cve.org/CVERecord?id=CVE-2023-49316
[1] https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: php-phpseclib3
Source-Version: 3.0.19-1+deb12u1
Done: David Prévot <[email protected]>

We believe that the bug you reported is fixed in the latest version of
php-phpseclib3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated php-phpseclib3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 28 Nov 2023 08:33:28 +0100
Source: php-phpseclib3
Architecture: source
Version: 3.0.19-1+deb12u1
Distribution: bookworm
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <[email protected]>
Changed-By: David Prévot <[email protected]>
Closes: 1057008
Changes:
 php-phpseclib3 (3.0.19-1+deb12u1) bookworm; urgency=medium
 .
   * Track bookworm
   * Math/BinaryField: fix for excessively large degrees [CVE-2023-49316]
     (Closes: #1057008)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
