-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6187-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : php-phpseclib3 CVE ID : CVE-2026-32935 It was discovered that the AES-CBC implementation in the PHP Secure Communications Library was susceptible to a padding oracle timing attack. For the oldstable distribution (bookworm), these problems have been fixed in version 3.0.19-1+deb12u4. This update also fixes CVE-2023-52892. For the stable distribution (trixie), these problems have been fixed in version 3.0.43-2+deb13u1. We recommend that you upgrade your php-phpseclib3 packages. For the detailed security status of php-phpseclib3 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php-phpseclib3 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnJdSIACgkQEMKTtsN8 TjYuJQ//diGexEv91AAU77dmNwHQ502mZfhlYNRis8WFee4eudZnJyADEUe7cwG5 Y6B7ZJvsAWLC6Mv3tmOIHvV0DN6sarcUCQyxDJ+McArEwXF1K+H6WFhrS+hLq+od cZTZeX9oK3Y1qY9C5+6eAXO9Mp/jTR3Zlw9S56cSQsUiw/v878WR6K9YGyD4HV16 agXrSohmESKZfHGX6OulvaZ/KqJHfKPe+AYdVEjw6yF7F8CoD8Is5wdmLuPi47lN mnCSeo9o97NNCqiFgL4Wrx7Xsrt8bxooOdD7LB6Xm9Si5fxkeLUhSPsn9EGY8OvI UwpyeFwKjAC04/IqLj0ESldYL3LyF9PVeCB8IAyn+Rdyy74HnxKhwEfbDr4hlo78 obKfJtHKG0EA2T7UKPAn1o3HOlD9nA4dHXkeIO4nw4LTnOsq7nOCS3j4+hc1vY5X b7ttB8Xy9+SD6e1vIx9Lz5W9mIwvCXpjG2H4Jwz7L5bjUKFqnyPwgW9Qi75jNtnz 2VI4koTxrZnw6t0XDYErNaq4ZR6Ei/9m7ZuQaRWIsrl3OBvX522fXhL24PxlAMfx SrfPH7s29dSPmy6/h01pBmgESDHEwaXVeMk/QIdaQIKajNdn5YPd0oWlXeyM8D3M WDmvkY+JO0bm7nWZD7SOdd038RfUuTFpWnpAMsiSKLcu0e+MSMY= =ahqY -----END PGP SIGNATURE-----
