Source: php-crypt-gpg
Version: 1.6.6-1
Severity: important
Tags: security upstream
Control: found -1 1.6.4-2
Control: found -1 1.6.6-1

Crypt_GPG upstream recently published for CVE-2022-24953: “The Crypt_GPG
extension before 1.6.7 for PHP does not prevent additional options in
GPG calls, which presents a risk for certain environments and GPG
versions.”

The fix is trivial:
https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04
 .
Dunno if that warrants a DSA, but I'll prepare & test a debdiff for
bullseye-security or s-p-u.

-- 
Guilhem.

Attachment: signature.asc
Description: PGP signature

Reply via email to