-------------------------------------------------------------------------
Debian LTS Advisory DLA-3197-1                            [email protected]
https://www.debian.org/lts/security/                      Sylvain Beucler
November 17, 2022                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : phpseclib
Version        : 1.0.19-3~deb10u1
CVE ID         : CVE-2021-30130

It was discovered that phpseclib, a pure-PHP implementation of various
cryptographic and arithmetic algorithms (v1), mishandles RSA PKCS#1
v1.5 signature verification. An attacker may get invalid signatures
accepted, bypassing authorization control in specific situations.

For Debian 10 buster, this problem has been fixed in version
1.0.19-3~deb10u1.

We recommend that you upgrade your phpseclib packages.

For the detailed security status of phpseclib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/phpseclib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
