Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cfb98693 by Salvatore Bonaccorso at 2026-05-13T07:49:51+02:00
CVE-2026-44167 assigned for phpseclib issue
- - - - -
3 changed files:
- data/CVE/list
- data/next-oldstable-point-update.txt
- data/next-point-update.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -169,8 +169,6 @@ CVE-2026-44184 (Cleanuparr is a tool for automating the
cleanup of unwanted or b
NOT-FOR-US: Cleanuparr
CVE-2026-44183 (Cleanuparr is a tool for automating the cleanup of unwanted or
blocked ...)
NOT-FOR-US: Cleanuparr
-CVE-2026-44167 (phpseclib is a PHP secure communications library. Prior to
1.0.29, 2.0 ...)
- TODO: check
CVE-2026-44166 (Pocketbase is an open source web backend written in go. Prior
to 0.22. ...)
TODO: check
CVE-2026-43993 (JunoClaw is an agentic AI platform built on Juno Network.
Prior to 0.x ...)
@@ -279717,7 +279715,7 @@ CVE-2024-27354 (An issue was discovered in phpseclib
1.x before 1.0.23, 2.x befo
- php-phpseclib3 3.0.36-1
[bookworm] - php-phpseclib3 3.0.19-1+deb12u3
NOTE:
https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575
-CVE-2026-XXXX [Bypass of CVE-2024-27355 mitigations]
+CVE-2026-44167 [Bypass of CVE-2024-27355 mitigations]
- phpseclib 1.0.29-1
[trixie] - phpseclib <no-dsa> (Minor issue, will be fixed via point
update)
[bookworm] - phpseclib <no-dsa> (Minor issue, will be fixed via point
update)
=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -272,7 +272,7 @@ CVE-2026-40194
[bookworm] - php-phpseclib3 3.0.19-1+deb12u5
[bookworm] - php-phpseclib 2.0.42-1+deb12u4
[bookworm] - phpseclib 1.0.20-1+deb12u4
-CVE-2026-XXXX [Bypass of CVE-2024-27355 mitigations]
+CVE-2026-44167 [Bypass of CVE-2024-27355 mitigations]
[bookworm] - phpseclib 1.0.20-1+deb12u5
[bookworm] - php-phpseclib 2.0.42-1+deb12u5
[bookworm] - php-phpseclib3 3.0.19-1+deb12u6
=====================================
data/next-point-update.txt
=====================================
@@ -292,7 +292,7 @@ CVE-2026-40194
[trixie] - php-phpseclib3 3.0.43-2+deb13u2
[trixie] - php-phpseclib 2.0.48-3+deb13u2
[trixie] - phpseclib 1.0.23-6+deb13u2
-CVE-2026-XXXX [Bypass of CVE-2024-27355 mitigations]
+CVE-2026-44167 [Bypass of CVE-2024-27355 mitigations]
[trixie] - phpseclib 1.0.23-6+deb13u3
[trixie] - php-phpseclib 2.0.48-3+deb13u3
[trixie] - php-phpseclib3 3.0.43-2+deb13u3
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfb986931b3bcb69559ce427251fc8ac83b62ee9
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cfb986931b3bcb69559ce427251fc8ac83b62ee9
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
