summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSylvain Beucler <beuc@beuc.net>2022-11-17 16:26:29 +0100
committerSylvain Beucler <beuc@beuc.net>2022-11-17 16:26:29 +0100
commit831e22fc63b46ae8b81fcd5362327ccd4ae6eaa8 (patch)
tree73c97fd49555c9792e1535b13619f8b433135a33
parenteced38e6e8be713b7ea3a69568c949a8cfc3841f (diff)
Reserve DLA-3198-1 for php-phpseclib
Diffstat
-rw-r--r--data/DLA/list3
-rw-r--r--data/dla-needed.txt6
2 files changed, 3 insertions, 6 deletions
diff --git a/data/DLA/list b/data/DLA/list
index 746dc25ab0..dfb035bb17 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[17 Nov 2022] DLA-3198-1 php-phpseclib - security update
+ {CVE-2021-30130}
+ [buster] - php-phpseclib 2.0.30-2~deb10u1
[17 Nov 2022] DLA-3197-1 phpseclib - security update
{CVE-2021-30130}
[buster] - phpseclib 1.0.19-3~deb10u1
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 510959a47d..7766196a99 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -250,12 +250,6 @@ php-cas
NOTE: 20221107: consider fixing all 3 packages; also check situation in ELTS for reference (Beuc/front-desk)
NOTE: 20221110: upcoming DSA (Beuc/front-desk)
--
-php-phpseclib (Sylvain Beucler)
- NOTE: 20220909: Programming language: PHP.
- NOTE: 20220909: Note the discussion whether 2.0 is in fact affected by the CVE or not. It looks like it is affected by a small part of it that is best to fix.. (ola)
- NOTE: 20221104: Attempted to clarify vulnerability status (cf. 02cd83d1d917dc5964440185226aa11e40058546) (Beuc)
- NOTE: 20221108: buster is missing testsuite in both phpseclib packages, contacted maintainer to decide whether to backport testsuite or just bump version (Beuc)
---
php7.3 (Emilio)
NOTE: 20221031: Programming language: C.
NOTE: 20221031: CVE-2022-37454 is what is of most concern.

© 2014-2024 Faster IT GmbH | imprint | privacy policy