-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 25 Jan 2024 00:58:45 +0100 Source: phpseclib Architecture: source Version: 1.0.19-3~deb10u2 Distribution: buster-security Urgency: high Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org> Changed-By: Guilhem Moulin <guilhem@debian.org> Changes: phpseclib (1.0.19-3~deb10u2) buster-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * Fix CVE-2023-48795 (terrapin attack): The SSH transport protocol with certain OpenSSH extensions allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. Checksums-Sha1: 3a362b830e2abae6b0ae532d298f0b0e4ef12bb8 2123 phpseclib_1.0.19-3~deb10u2.dsc 68a31cf08203b3d6ac8d5265e1c20d3ee90b2e12 19388 phpseclib_1.0.19-3~deb10u2.debian.tar.xz a4876f53b4768c1a99e7b660cc9b644e7f8e5712 7621 phpseclib_1.0.19-3~deb10u2_amd64.buildinfo Checksums-Sha256: 41a6d69876d10926479032c01faabefc21f1ed5c698d6b6a9090d8e84580c2f1 2123 phpseclib_1.0.19-3~deb10u2.dsc 0a4ac333baeb4f8ad44185beb9a78658767ea738bdf91499e251c8dfbeae1553 19388 phpseclib_1.0.19-3~deb10u2.debian.tar.xz c27385e7b70bde1bca7cd1dda2cf5d60e1ccefa45767bef9f3a04f30054e09c6 7621 phpseclib_1.0.19-3~deb10u2_amd64.buildinfo Files: 7ddf8430a122f8c9b2ff6fa5dce414b1 2123 php optional phpseclib_1.0.19-3~deb10u2.dsc f7fd6ba61ba67566368b4f5e4b8e61ef 19388 php optional phpseclib_1.0.19-3~deb10u2.debian.tar.xz ec827aa0ec1571a45571eae57e2f45b6 7621 php optional phpseclib_1.0.19-3~deb10u2_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmWxpcMACgkQ05pJnDwh pVLqiw//ZcVrXBauxojhPefKqLNBVLOMnt7cyXxfDzmZXhygh4ov+YhHuZyKZ9Wm 7EoO+3MfE2yNwUZ8McUZv12LCY6XBTDUGCZ6N/bccYkF4jguTb3U6yk7QDV141lY lG0cBTSSpdecNzHRMweXai7C8xyoea1mOJmvKGCKaQIs+xPPyJIWp1QF4yKfnzUF eNBiOT7XHGpZAP67N+WnPVcm1XPUg7JGQ/jsARoWFNRltCdULR2VCuDj7emV5aOk AmSsbKWmEB78qlVyX+FQiWsznkyiC6nqWDQ1bFgEXJOudtx0buuwuksDiwjwip5W FjEgk4aS36ZCS4T4lMC/EdGwS1Zfak320Y5Uodzp/5bBfJuPYn7aW/RJDhmU/Tfp WEbUKGWRJYuWsaVmu8sONbER6D9c+dki6eoWR+YKhmHu82RPCe/AO1i79LXRSRMX gm1PQllX6p4qN5PqhG8D3f0iQexiy1POQ0owrrXpatEIu7u/ibmXDjTyTffRnAqK H7HY6jEhMIxZ736UCceyXSHhlCCJiWqcLyxgeoPLBVq7vpnJwfLeSKEyVVBlGKnR CxuYxAM6gw8SF6c9Wy6PLVaUrIuaJlDb1RMEqQTKQ7ns95SrBD8vtcSKF7pc7Nb2 N6qg9bV9b21tfAIi+1KutrVbAFc1loEL7xzGO0sdf36VtKvojtw= =lnKJ -----END PGP SIGNATURE-----