-------------------------------------------------------------------------
Debian LTS Advisory DLA-3198-1                [email protected]
https://www.debian.org/lts/security/                      Sylvain Beucler
November 17, 2022                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : php-phpseclib
Version        : 2.0.30-2~deb10u1
CVE ID         : CVE-2021-30130

It was discovered that php-phpseclib, a pure-PHP implementation of
various cryptographic and arithmetic algorithms (v2), mishandles RSA
PKCS#1 v1.5 signature verification. An attacker may get invalid
signatures accepted, bypassing authorization control in specific
situations.

For Debian 10 buster, this problem has been fixed in version
2.0.30-2~deb10u1.

We recommend that you upgrade your php-phpseclib packages.

For the detailed security status of php-phpseclib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-phpseclib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
