From eced38e6e8be713b7ea3a69568c949a8cfc3841f Mon Sep 17 00:00:00 2001 From: Sylvain Beucler Date: Thu, 17 Nov 2022 16:25:17 +0100 Subject: Reserve DLA-3197-1 for phpseclib --- data/DLA/list | 3 +++ data/dla-needed.txt | 6 ------ 2 files changed, 3 insertions(+), 6 deletions(-) (limited to 'data') diff --git a/data/DLA/list b/data/DLA/list index 9986a51f51..746dc25ab0 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[17 Nov 2022] DLA-3197-1 phpseclib - security update + {CVE-2021-30130} + [buster] - phpseclib 1.0.19-3~deb10u1 [17 Nov 2022] DLA-3196-1 thunderbird - security update {CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421} [buster] - thunderbird 1:102.5.0-1~deb10u1 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index bc90ecbc38..510959a47d 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -260,12 +260,6 @@ php7.3 (Emilio) NOTE: 20221031: Programming language: C. NOTE: 20221031: CVE-2022-37454 is what is of most concern. -- -phpseclib (Sylvain Beucler) - NOTE: 20220909: Programming language: PHP. - NOTE: 20220909: Note the discussion whether 1.0 is in fact affected by the CVE or not. It looks like it is affected by a small part of it that is best to fix.. (ola) - NOTE: 20221104: Attempted to clarify vulnerability status (cf. 02cd83d1d917dc5964440185226aa11e40058546) (Beuc) - NOTE: 20221108: buster is missing testsuite in both phpseclib packages, contacted maintainer to decide whether to backport testsuite or just bump version (Beuc) --- pluxml NOTE: 20220913: Programming language: PHP. NOTE: 20220913: Special attention: orphaned package. -- cgit v1.2.3
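Review bot: In the data/DLA/list hunk, the `{CVE-2021-30130}` line attributes the whole CVE to the 1.0 branch (`phpseclib 1.0.19-3~deb10u1`). The dla-needed.txt notes deleted in the same commit say that 1.0 appears to be affected only by a small part of it. Once that entry is gone, this list line is the only trace left in these two files, and it does not carry that qualification. Before the advisory text is written, check that the partial-affectedness finding is recorded somewhere durable, for example as a NOTE on the CVE's own tracker entry, which the 20221104 note suggests already exists (cf. 02cd83d1d917dc5964440185226aa11e40058546).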
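Review bot: In the data/dla-needed.txt hunk, the removed 20221108 note refers to "both phpseclib packages" in buster, but the entry dropped here, and the DLA reserved in data/DLA/list, name only `phpseclib`. The visible context (php7.3 above, pluxml below) does not show whether the second package has its own dla-needed entry. Confirm that it is tracked separately or covered by a follow-up DLA, so that removing this block does not also drop the only reminder about it. The testsuite question from the same note (backport the testsuite or just bump the version) is also left without a recorded outcome, and a one-line mention in the commit message would preserve it.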