Hi David, > Hi Salvatore, > > Le 05/03/2023 à 11:04, Salvatore Bonaccorso a écrit : > > Source: php-phpseclib3 > > Version: 3.0.18-1 > […] > > The following vulnerability was published for php-phpseclib3. > > Thanks, fixed in 3.0.19-1 (but I forgot the Closes: entry :/). > > > The official CVE description is right now a bit confusing for me, I'm > > assuming the issue is only introduced with [2] wich is in 3.0.0. Is > > this correct? > > That’s indeed my understanding, meaning there is nothing to fix in stable. > There is nothing close to this functionality in php-phpseclib (version 2) > nor php-seclib (version 1).
Thanks for confirming! In meanwhile someone has as well requested the CVE description to be updated and in fact now correctly mentions 3.x only. Regards, Salvatore
