Your message dated Mon, 18 Dec 2023 16:35:45 +0000
with message-id <[email protected]>
and subject line Bug#1057037: fixed in ldap-account-manager 8.6-1
has caused the Debian Bug report #1057037,
regarding php-phpseclib3: CVE-2023-49316
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1057037: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057037
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: php-phpseclib3
Version: 3.0.33-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for php-phpseclib3.
CVE-2023-49316[0]:
| In Math/BinaryField.php in phpseclib before 3.0.34, excessively
| large degrees can lead to a denial of service.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-49316
    https://www.cve.org/CVERecord?id=CVE-2023-49316
[1] https://github.com/phpseclib/phpseclib/commit/964d78101a70305df33f442f5490f0adb3b7e77f
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ldap-account-manager
Source-Version: 8.6-1
Done: Roland Gruber <[email protected]>
We believe that the bug you reported is fixed in the latest version of
ldap-account-manager, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Roland Gruber <[email protected]> (supplier of updated ldap-account-manager
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 18 Dec 2023 07:05:16 +0100
Source: ldap-account-manager
Architecture: source
Version: 8.6-1
Distribution: unstable
Urgency: medium
Maintainer: Roland Gruber <[email protected]>
Changed-By: Roland Gruber <[email protected]>
Closes: 1057036 1057037
Changes:
ldap-account-manager (8.6-1) unstable; urgency=medium
.
* new upstream release
* Fix "php-phpseclib3: CVE-2023-49316" by linking directory (Closes: #1057037)
* Fix "Lots of embedded copies, including many that are already packaged
  in Debian" by linking directories (Closes: #1057036)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---