-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6186-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff March 29, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : php-phpseclib CVE ID : CVE-2026-32935 It was discovered that the AES-CBC implementation in the PHP Secure Communications Library was susceptible to a padding oracle timing attack. For the oldstable distribution (bookworm), these problems have been fixed in version 2.0.42-1+deb12u3. This update also fixes CVE-2023-52892. For the stable distribution (trixie), these problems have been fixed in version 2.0.48-3+deb13u1. We recommend that you upgrade your php-phpseclib packages. For the detailed security status of php-phpseclib please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php-phpseclib Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnJdSAACgkQEMKTtsN8 Tjaufg/8DeFCl3NVKnxu+plpZw3BNmU5arR2JSfAYF+b7cGo/UkJ8tyJuGM8VzzH 8ijnT92Zfq6HNKwboQ0k1JGWm5rmQSQI2bU7EJkewqDXOe9qPSZVjF46ayTnByND 4+7bfCq1lg5FU2sEZF/5zZqnnI5p2ctWh+1rSYZVVJxCpEy43zkA9Yv5RLq0aHhb Bp3E2i+jJlJjL25VmJLYVVl/JFgbvD4WCHYUXbkAsBMeHLuR4UfYrSvL1BrP22wG lbsBWmbX82c1FkMuV+sgfFF+3cT+jawDo2AWgl8CDa0c/xX0m1u1KIHcDri/hJ4Z Pbomx7fdPT0239YCk6GrnOQiNg1TYe7kKhTUgHnZkKZIta0p2K7rGJEhJ0jLCUWv 2esTIzMizokDkEPYjCTDdB1ggY9D77iixEX41V6UVZBioEympPCsIgnxCgf6pVOm Vv3bUHMbVni81MaskvUQS+I1E/koWCwra6wrmOvGN8HyFLBEgV2oYDi7YD/KZYPL PBN4cep2SBghuKJxmO/HEu9G18o+iLTagZz5TqzeYdZm2ZsUHyN75rnXDbCAcazn qltCjRQhSYXgmuqksZcY652yTA0uckejBYc8fAGnsYNBt/xYsJES7KesfEuM+Ssn IiR0R66Q3RTdZZ9bGVE7BSfyU/EOw09WwvxAarhzCyX/ZS18w0E= =IEil -----END PGP SIGNATURE-----
