Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: d33a4d2b by Sylvain Beucler at 2021-05-17T21:09:45+02:00 CVE-2021-30130/phpseclib: precise affected versions - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -6736,7 +6736,9 @@ CVE-2021-30130 (phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS - phpseclib 1.0.19-3 - php-phpseclib 2.0.30-2 - php-phpseclib3 3.0.7-1 - NOTE: https://github.com/phpseclib/phpseclib/pull/1635 + NOTE: https://github.com/phpseclib/phpseclib/pull/1635#issuecomment-826994890 + NOTE: Introduced by: https://github.com/phpseclib/phpseclib/commit/cc32cd2e95b18a0c0118bbf1928327675c9e64a9 (v3.0 / RSA::SIGNATURE_RELAXED_PKCS1) + NOTE: According to upstream, 1.x and 2.x are not vulnerable, the fix on these branches only backports more exhaustive PKCS#1 v1.5 support (functional change) CVE-2021-30129 RESERVED CVE-2021-30128 (Apache OFBiz has unsafe deserialization prior to 17.12.07 version ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d33a4d2b2d340c217ce6aedc52541ec68eff56a4
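Review bot: The third added NOTE in the data/CVE/list hunk says upstream considers 1.x and 2.x not vulnerable, but the unchanged entries just above it still record fixed versions for those branches ("- phpseclib 1.0.19-3" and "- php-phpseclib 2.0.30-2"), so the entry now reads two ways. Either change those two package lines to a not-affected status, or extend the NOTE to say that the fixed versions are kept on purpose because those uploads carry the functional backport. The "Introduced by" NOTE already ties the flaw to v3.0 and RSA::SIGNATURE_RELAXED_PKCS1, which supports treating only php-phpseclib3 3.0.7-1 as a real fix version. The commit message "precise affected versions" would be more accurate if the package lines reflected that as well.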