Version in base suite: 2.0.48-3 Version in overlay suite: 2.0.48-3+deb13u1 Base version: php-phpseclib_2.0.48-3+deb13u1 Target version: php-phpseclib_2.0.48-3+deb13u3 Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/php-phpseclib/php-phpseclib_2.0.48-3+deb13u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/p/php-phpseclib/php-phpseclib_2.0.48-3+deb13u3.dsc changelog | 14 ++ patches/0013-SSH2-use-constant-time-string-comparison-in-get_bina.patch | 58 ++++++++++ patches/0014-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch | 26 ++++ patches/series | 2 4 files changed, 100 insertions(+) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp0rruqpks/php-phpseclib_2.0.48-3+deb13u1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp0rruqpks/php-phpseclib_2.0.48-3+deb13u3.dsc: no acceptable signature found diff -Nru php-phpseclib-2.0.48/debian/changelog php-phpseclib-2.0.48/debian/changelog --- php-phpseclib-2.0.48/debian/changelog 2026-03-24 07:44:18.000000000 +0000 +++ php-phpseclib-2.0.48/debian/changelog 2026-04-28 11:50:18.000000000 +0000 @@ -1,3 +1,17 @@ +php-phpseclib (2.0.48-3+deb13u3) trixie; urgency=medium + + * ASN1: reduce length of supported OIDs from 4096 bytes to 128 bytes + [CVE-2024-27355] + + -- David Prévot Tue, 28 Apr 2026 13:50:18 +0200 + +php-phpseclib (2.0.48-3+deb13u2) trixie; urgency=medium + + * SSH2: use constant time string comparison in get_binary_packet() + [CVE-2026-40194] + + -- David Prévot Sun, 19 Apr 2026 11:33:48 +0200 + php-phpseclib (2.0.48-3+deb13u1) trixie-security; urgency=medium * Track trixie branch diff -Nru php-phpseclib-2.0.48/debian/patches/0013-SSH2-use-constant-time-string-comparison-in-get_bina.patch php-phpseclib-2.0.48/debian/patches/0013-SSH2-use-constant-time-string-comparison-in-get_bina.patch --- php-phpseclib-2.0.48/debian/patches/0013-SSH2-use-constant-time-string-comparison-in-get_bina.patch 1970-01-01 00:00:00.000000000 +0000 +++ php-phpseclib-2.0.48/debian/patches/0013-SSH2-use-constant-time-string-comparison-in-get_bina.patch 2026-04-28 11:49:53.000000000 +0000 @@ -0,0 +1,58 @@ +From: terrafrost +Date: Thu, 9 Apr 2026 18:14:19 -0500 +Subject: SSH2: use constant time string comparison in get_binary_packet(): + +Origin: upstream, https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac +Bug: https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx +Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2026-40194 +--- + phpseclib/Net/SSH2.php | 31 ++++++++++++++++++++++++++++++- + 1 file changed, 30 insertions(+), 1 deletion(-) + +diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php +index 3583f86..33d6787 100644 +--- a/phpseclib/Net/SSH2.php ++++ b/phpseclib/Net/SSH2.php +@@ -3787,7 +3787,7 @@ class SSH2 + $this->bitmap = 0; + user_error('Error reading socket'); + return false; +- } elseif ($hmac != $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding))) { ++ } elseif (!$this->_equals($hmac, $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding)))) { + user_error('Invalid HMAC'); + return false; + } +@@ -5681,4 +5681,33 @@ class SSH2 + { + $this->doKeyReexchangeAfterXBytes = $bytes; + } ++ ++ /** ++ * Constant time equality testing ++ * ++ * Pretty much copy / pasted from Crypt/RSA.php ++ * ++ * @access private ++ * @param string $x ++ * @param string $y ++ * @return bool ++ */ ++ function _equals($x, $y) ++ { ++ if (function_exists('hash_equals')) { ++ return hash_equals($x, $y); ++ } ++ ++ if (strlen($x) != strlen($y)) { ++ return false; ++ } ++ ++ $result = "\0"; ++ $x^= $y; ++ for ($i = 0; $i < strlen($x); $i++) { ++ $result|= $x[$i]; ++ } ++ ++ return $result === "\0"; ++ } + } diff -Nru php-phpseclib-2.0.48/debian/patches/0014-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch php-phpseclib-2.0.48/debian/patches/0014-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch --- php-phpseclib-2.0.48/debian/patches/0014-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch 1970-01-01 00:00:00.000000000 +0000 +++ php-phpseclib-2.0.48/debian/patches/0014-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch 2026-04-28 11:49:53.000000000 +0000 @@ -0,0 +1,26 @@ +From: terrafrost +Date: Mon, 27 Apr 2026 01:00:37 -0500 +Subject: ASN1: reduce length of supported OIDs from 4096 bytes to 128 bytes + +Origin: upstream, https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc +Bug: https://github.com/phpseclib/phpseclib/security/advisories/GHSA-2528-jw5q-ww88 +Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2024-27355 +--- + phpseclib/File/ASN1.php | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php +index dba99de..562de7d 100644 +--- a/phpseclib/File/ASN1.php ++++ b/phpseclib/File/ASN1.php +@@ -1177,8 +1177,8 @@ class ASN1 + $pos = 0; + $len = strlen($content); + // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55 +- if ($len > 4096) { +- //user_error('Object Identifier size is limited to 4096 bytes'); ++ if ($len > 128) { ++ //user_error('Object Identifier size is limited to 128 bytes'); + return false; + } + diff -Nru php-phpseclib-2.0.48/debian/patches/series php-phpseclib-2.0.48/debian/patches/series --- php-phpseclib-2.0.48/debian/patches/series 2026-03-24 07:44:18.000000000 +0000 +++ php-phpseclib-2.0.48/debian/patches/series 2026-04-28 11:49:53.000000000 +0000 @@ -10,3 +10,5 @@ 0010-Group-nophpunit11-for-tests-failing-with-PHPUnit-11.patch 0011-Modernize-PHPUnit-syntax.patch 0012-make-unpadding-constant-time.patch +0013-SSH2-use-constant-time-string-comparison-in-get_bina.patch +0014-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch