-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6185-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : phpseclib CVE ID : CVE-2026-32935 It was discovered that the AES-CBC implementation in the PHP Secure Communications Library was susceptible to a padding oracle timing attack. For the oldstable distribution (bookworm), these problems have been fixed in version 1.0.20-1+deb12u3. This update also fixes CVE-2023-52892. For the stable distribution (trixie), these problems have been fixed in version 1.0.23-6+deb13u1. We recommend that you upgrade your phpseclib packages. For the detailed security status of phpseclib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/phpseclib Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnJdR8ACgkQEMKTtsN8 Tjbj0BAAhDikiKe8HvGCmZ/RpP4JrI2y8n41+sChqmYDsHJ4ifJfoVwB10csw2gu r4OkLb53RdvbnrX4zEjV5IBefv4jw5DiYxwP9zXUovc9Zs4Z3mJR6+iHfvDlOFfw 3RP6kDEFJ8VQgB1MrfDyqROtKsBXyCFyD5SUdS72BDCyVgCo2XzvL0huuWfdL65u PSBVVueOZ7tzlKGbuwPTXZqbFkNKmQlIm3TI5CfQz+W3kbZug7TJsRNda/Z19xzr 3Job9M1Aju/FLKCkmTNfZgWDQ/VScn+MZlRZcLhkLu2XpY7J4VnJVHwoB4j2PhEh vm9g/Lby8fe4j4WNPk5ZzPTvwN0xM1w4Xi5nGJUhMeUEBkDNqlTpDsUjIrVNDCbK zvLpkbBvgVHeBoiyRxOq3wyzDlCg6iOhfWTKl8h5EP4UF+GMMTc8kzwqZuEt6jqR ieBJ1kGwaA31egqnbAjAbSK9gsCNQmuLsQKVnUNkuEPfFZvxGHq/7EABxedj/5px J7pKk58E8++C7BINP2SRnRsPE+yx/lIdFoB2sQ4BX+JMQ0ECZOmxdCsAU0g6or0C RdmGS9wToURTeOa/IXFK4g6DTmvZ95eyZAZ67dnP/Xs/g1AFWUvXY+2F0cGjOXa6 YFOUw9HGpH5iDXlIBseFaY/6cZy3Emeo7+Sy5oqg4T9dfEwyOP8= =uJnp -----END PGP SIGNATURE-----
