Version in base suite: 2.0.42-1+deb12u2 Version in overlay suite: 2.0.42-1+deb12u3 Base version: php-phpseclib_2.0.42-1+deb12u3 Target version: php-phpseclib_2.0.42-1+deb12u5 Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/php-phpseclib/php-phpseclib_2.0.42-1+deb12u3.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/p/php-phpseclib/php-phpseclib_2.0.42-1+deb12u5.dsc changelog | 14 ++ patches/0019-SSH2-use-constant-time-string-comparison-in-get_bina.patch | 58 ++++++++++ patches/0020-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch | 26 ++++ patches/series | 2 4 files changed, 100 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp4_0jj1go/php-phpseclib_2.0.42-1+deb12u3.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp4_0jj1go/php-phpseclib_2.0.42-1+deb12u5.dsc: no acceptable signature found
diff -Nru php-phpseclib-2.0.42/debian/changelog php-phpseclib-2.0.42/debian/changelog
--- php-phpseclib-2.0.42/debian/changelog 2026-03-24 07:51:03.000000000 +0000
+++ php-phpseclib-2.0.42/debian/changelog 2026-04-28 12:33:17.000000000 +0000
@@ -1,3 +1,17 @@
+php-phpseclib (2.0.42-1+deb12u5) bookworm; urgency=medium
+
+ * ASN1: reduce length of supported OIDs from 4096 bytes to 128 bytes
+ [CVE-2024-27355]
+
+ -- David Prévot Tue, 28 Apr 2026 14:33:17 +0200
+
+php-phpseclib (2.0.42-1+deb12u4) bookworm; urgency=medium
+
+ * SSH2: use constant time string comparison in get_binary_packet()
+ [CVE-2026-40194]
+
+ -- David Prévot Sun, 19 Apr 2026 11:35:38 +0200
+
 php-phpseclib (2.0.42-1+deb12u3) bookworm-security; urgency=medium
 
 * make unpadding constant time [CVE-2026-32935] (Closes: #1131483)
diff -Nru php-phpseclib-2.0.42/debian/patches/0019-SSH2-use-constant-time-string-comparison-in-get_bina.patch php-phpseclib-2.0.42/debian/patches/0019-SSH2-use-constant-time-string-comparison-in-get_bina.patch
--- php-phpseclib-2.0.42/debian/patches/0019-SSH2-use-constant-time-string-comparison-in-get_bina.patch 1970-01-01 00:00:00.000000000 +0000
+++ php-phpseclib-2.0.42/debian/patches/0019-SSH2-use-constant-time-string-comparison-in-get_bina.patch 2026-04-28 12:32:57.000000000 +0000
@@ -0,0 +1,58 @@
+From: terrafrost
+Date: Thu, 9 Apr 2026 18:14:19 -0500
+Subject: SSH2: use constant time string comparison in get_binary_packet():
+
+Origin: backport, https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac
+Bug: https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2026-40194
+---
+ phpseclib/Net/SSH2.php | 31 ++++++++++++++++++++++++++++++-
+ 1 file changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php
+index 2aad247..dbcb5d9 100644
+--- a/phpseclib/Net/SSH2.php
++++ b/phpseclib/Net/SSH2.php
+@@ -3686,7 +3686,7 @@ class SSH2
+ $this->bitmap = 0;
+ user_error('Error reading socket');
+ return false;
+- } elseif ($hmac != $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding))) {
++ } elseif (!$this->_equals($hmac, $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . 
$padding)))) {
+ user_error('Invalid HMAC');
+ return false;
+ }
+@@ -5495,4 +5495,33 @@ class SSH2
+ {
+ $this->smartMFA = false;
+ }
++
++ /**
++ * Constant time equality testing
++ *
++ * Pretty much copy / pasted from Crypt/RSA.php
++ *
++ * @access private
++ * @param string $x
++ * @param string $y
++ * @return bool
++ */
++ function _equals($x, $y)
++ {
++ if (function_exists('hash_equals')) {
++ return hash_equals($x, $y);
++ }
++
++ if (strlen($x) != strlen($y)) {
++ return false;
++ }
++
++ $result = "\0";
++ $x^= $y;
++ for ($i = 0; $i < strlen($x); $i++) {
++ $result|= $x[$i];
++ }
++
++ return $result === "\0";
++ }
+ }
diff -Nru php-phpseclib-2.0.42/debian/patches/0020-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch php-phpseclib-2.0.42/debian/patches/0020-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch
--- php-phpseclib-2.0.42/debian/patches/0020-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch 1970-01-01 00:00:00.000000000 +0000
+++ php-phpseclib-2.0.42/debian/patches/0020-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch 2026-04-28 12:32:57.000000000 +0000
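Review bot: At the new call site in get_binary_packet() the peer-supplied `$hmac` is passed as the first argument of `_equals()`, which forwards it to `hash_equals()` as the known string, whereas PHP documents the locally computed value as the first parameter and the untrusted value as the second. Both MACs should have the same fixed length for a negotiated algorithm, so the practical difference is probably small, but swapping the operands, `$this->_equals($this->hmac_check->hash(pack(...)), $hmac)`, keeps the call aligned with the documented contract. The docblock on `_equals()` could also state that `$x` is the expected value and `$y` the received one, and that the early `strlen` check in the fallback reveals only a length mismatch, which is not secret for a MAC. The patch touches only SSH2.php, so the mismatch path has no test here; get_binary_packet() starts and ends outside the hunk.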
@@ -0,0 +1,26 @@
+From: terrafrost
+Date: Mon, 27 Apr 2026 01:00:37 -0500
+Subject: ASN1: reduce length of supported OIDs from 4096 bytes to 128 bytes
+
+Origin: upstream, https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc
+Bug: https://github.com/phpseclib/phpseclib/security/advisories/GHSA-2528-jw5q-ww88
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2024-27355
+---
+ phpseclib/File/ASN1.php | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php
+index fdef2b4..64a5e6f 100644
+--- a/phpseclib/File/ASN1.php
++++ b/phpseclib/File/ASN1.php
+@@ -1177,8 +1177,8 @@ class ASN1
+ $pos = 0;
+ $len = strlen($content);
+ // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55
+- if ($len > 4096) {
+- //user_error('Object Identifier size is limited to 4096 bytes');
++ if ($len > 128) {
++ //user_error('Object Identifier size is limited to 128 bytes');
+ return false;
+ }
+
diff -Nru php-phpseclib-2.0.42/debian/patches/series php-phpseclib-2.0.42/debian/patches/series
--- php-phpseclib-2.0.42/debian/patches/series 2026-03-24 07:51:03.000000000 +0000
+++ php-phpseclib-2.0.42/debian/patches/series 2026-04-28 12:32:57.000000000 +0000
@@ -16,3 +16,5 @@
 0016-make-unpadding-constant-time.patch
 0017-X509-fix-for-weird-characters-in-subjaltname.patch
 0018-Tests-X509-updates-to-work-for-2.0-branch.patch
+0019-SSH2-use-constant-time-string-comparison-in-get_bina.patch
+0020-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch
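Review bot: The context comment directly above the changed check in ASN1.php still links to OpenJDK's ObjectIdentifier.java, which was the reference for the old 4096-byte limit, so after this change it reads as the source of a 128-byte limit that it presumably does not state. A comment such as `// OIDs are capped at 128 bytes (CVE-2024-27355); the OpenJDK reference below uses a larger limit` would keep the rationale accurate. The rejection also stays silent because the `user_error` line remains commented out, so callers receive only `false` and cannot tell an oversized OID from a malformed one. The patch changes only ASN1.php, so a boundary test (128 bytes accepted, 129 rejected) is not part of it. The enclosing function starts and ends outside the hunk.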