From 831e22fc63b46ae8b81fcd5362327ccd4ae6eaa8 Mon Sep 17 00:00:00 2001
From: Sylvain Beucler <beuc@beuc.net>
Date: Thu, 17 Nov 2022 16:26:29 +0100
Subject: Reserve DLA-3198-1 for php-phpseclib

---
 data/DLA/list       | 3 +++
 data/dla-needed.txt | 6 ------
 2 files changed, 3 insertions(+), 6 deletions(-)

(limited to 'data')

diff --git a/data/DLA/list b/data/DLA/list
index 746dc25ab0..dfb035bb17 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[17 Nov 2022] DLA-3198-1 php-phpseclib - security update
+	{CVE-2021-30130}
+	[buster] - php-phpseclib 2.0.30-2~deb10u1
 [17 Nov 2022] DLA-3197-1 phpseclib - security update
 	{CVE-2021-30130}
 	[buster] - phpseclib 1.0.19-3~deb10u1
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 510959a47d..7766196a99 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -250,12 +250,6 @@ php-cas
   NOTE: 20221107: consider fixing all 3 packages; also check situation in ELTS for reference (Beuc/front-desk)
   NOTE: 20221110: upcoming DSA (Beuc/front-desk)
 --
-php-phpseclib (Sylvain Beucler)
-  NOTE: 20220909: Programming language: PHP.
-  NOTE: 20220909: Note the discussion whether 2.0 is in fact affected by the CVE or not. It looks like it is affected by a small part of it that is best to fix.. (ola)
-  NOTE: 20221104: Attempted to clarify vulnerability status (cf. 02cd83d1d917dc5964440185226aa11e40058546) (Beuc)
-  NOTE: 20221108: buster is missing testsuite in both phpseclib packages, contacted maintainer to decide whether to backport testsuite or just bump version (Beuc)
---
 php7.3 (Emilio)
   NOTE: 20221031: Programming language: C.
   NOTE: 20221031: CVE-2022-37454 is what is of most concern.
-- 
cgit v1.2.3