Utkarsh Gupta pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
9d32c648 by Utkarsh Gupta at 2026-07-05T00:54:31+05:30
Reserve DLA-4670-1 for php-phpseclib
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -276860,7 +276860,6 @@ CVE-2023-52892 (In phpseclib before 1.0.22, 2.x
before 2.0.46, and 3.x before 3.
[bookworm] - phpseclib 1.0.20-1+deb12u3
- php-phpseclib 2.0.46-1
[bookworm] - php-phpseclib 2.0.42-1+deb12u3
- [bullseye] - php-phpseclib <no-dsa> (Minor issue; can be fixed via pu)
- php-phpseclib3 3.0.33-1
[bookworm] - php-phpseclib3 3.0.19-1+deb12u4
NOTE:
https://github.com/phpseclib/phpseclib/commit/6cd6e8ceab9f2b55c8cd81d2192bf98cbeaf4627
(1.0.22, 2.0.46, 3.0.33)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[05 Jul 2026] DLA-4670-1 php-phpseclib - security update
+ {CVE-2023-52892 CVE-2026-32935 CVE-2026-40194 CVE-2026-44167
CVE-2026-55599}
+ [bullseye] - php-phpseclib 2.0.30-2+deb11u3
[04 Jul 2026] DLA-4669-1 php8.2 - security update
{CVE-2026-14355}
[bookworm] - php8.2 8.2.32-1~deb12u1
=====================================
data/dla-needed.txt
=====================================
@@ -519,14 +519,6 @@ php-laravel-framework
NOTE: 20251027: tests is required to prevent regressions, but I could not
get the upstream
NOTE: 20251027: test suite to work. It is not exercised as part of Debian
packages build. (paride)
--
-php-phpseclib/bullseye (utkarsh)
- NOTE: 20260327: Added by Front-Desk (Beuc)
- NOTE: 20260327: Upcoming DSA; fix also the 2023 postponed issue
(Beuc/front-desk)
- NOTE: 20260329: DSA-6186-1
- NOTE: 20260518: Also follow bookworm 12.14 (2 CVEs) (Beuc/front-desk)
- NOTE: 20260703:
https://debusine.debian.net/debian/developers/work-request/906743/.
- NOTE: 20260703: will release soon. (utkarsh)
---
php-twig/bullseye
NOTE: 20260521: Added by Front-Desk (Beuc)
NOTE: 20260521: Cf. symfony batch of CVEs, upcoming DSA (Beuc/front-desk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d32c6487ff3910904f2b60ecd228f37152d6532
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9d32c6487ff3910904f2b60ecd228f37152d6532
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits