Version in base suite: 1.0.23-6 Version in overlay suite: 1.0.23-6+deb13u1 Base version: phpseclib_1.0.23-6+deb13u1 Target version: phpseclib_1.0.23-6+deb13u3 Base file: /srv/ftp-master.debian.org/ftp/pool/main/p/phpseclib/phpseclib_1.0.23-6+deb13u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/p/phpseclib/phpseclib_1.0.23-6+deb13u3.dsc changelog | 17 ++ patches/0014-SSH2-use-constant-time-string-comparison-in-get_bina.patch | 58 ++++++++++ patches/0015-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch | 26 ++++ patches/series | 2 4 files changed, 102 insertions(+), 1 deletion(-) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmphrdyz731/phpseclib_1.0.23-6+deb13u1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmphrdyz731/phpseclib_1.0.23-6+deb13u3.dsc: no acceptable signature found
diff -Nru phpseclib-1.0.23/debian/changelog phpseclib-1.0.23/debian/changelog
--- phpseclib-1.0.23/debian/changelog 2026-03-24 07:55:43.000000000 +0000
+++ phpseclib-1.0.23/debian/changelog 2026-04-28 11:51:31.000000000 +0000
@@ -1,7 +1,22 @@
+phpseclib (1.0.23-6+deb13u3) trixie; urgency=medium
+
+ * ASN1: reduce length of supported OIDs from 4096 bytes to 128 bytes
+ [CVE-2024-27355]
+
+ -- David Prévot Tue, 28 Apr 2026 13:51:31 +0200
+
+phpseclib (1.0.23-6+deb13u2) trixie; urgency=medium
+
+ * Fix bug number in previous changelog entry
+ * SSH2: use constant time string comparison in get_binary_packet()
+ [CVE-2026-40194]
+
+ -- David Prévot Sun, 19 Apr 2026 11:36:32 +0200
+
 phpseclib (1.0.23-6+deb13u1) trixie-security; urgency=medium

 * Track trixie branch
- * make unpadding constant time [CVE-2026-32935] (Closes: #1131485)
+ * make unpadding constant time [CVE-2026-32935] (Closes: #1131484)

 -- David Prévot Tue, 24 Mar 2026 08:55:43 +0100

diff -Nru phpseclib-1.0.23/debian/patches/0014-SSH2-use-constant-time-string-comparison-in-get_bina.patch phpseclib-1.0.23/debian/patches/0014-SSH2-use-constant-time-string-comparison-in-get_bina.patch
--- phpseclib-1.0.23/debian/patches/0014-SSH2-use-constant-time-string-comparison-in-get_bina.patch 1970-01-01 00:00:00.000000000 +0000
+++ phpseclib-1.0.23/debian/patches/0014-SSH2-use-constant-time-string-comparison-in-get_bina.patch 2026-04-28 11:51:15.000000000 +0000
@@ -0,0 +1,58 @@
+From: terrafrost
+Date: Thu, 9 Apr 2026 18:14:19 -0500
+Subject: SSH2: use constant time string comparison in get_binary_packet():
+
+Origin: backport, https://github.com/phpseclib/phpseclib/commit/ffe48b6b1b1af6963327f0a5330e3aa004a194ac
+Bug: https://github.com/phpseclib/phpseclib/security/advisories/GHSA-r854-jrxh-36qx
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2026-40194
+---
+ phpseclib/Net/SSH2.php | 31 ++++++++++++++++++++++++++++++-
+ 1 file changed, 30 insertions(+), 1 deletion(-)
+
+diff --git a/phpseclib/Net/SSH2.php b/phpseclib/Net/SSH2.php
+index f9fffc3..908614f 100644
+--- a/phpseclib/Net/SSH2.php
++++ b/phpseclib/Net/SSH2.php
+@@ -3721,7 +3721,7 @@ class Net_SSH2
+ $this->bitmap = 0;
+ user_error('Error reading socket');
+ return false;
+- } elseif ($hmac != $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload . $padding))) {
++ } elseif (!$this->_equals($hmac, $this->hmac_check->hash(pack('NNCa*', $this->get_seq_no, $packet_length, $padding_length, $payload .
$padding)))) {
+ user_error('Invalid HMAC');
+ return false;
+ }
+@@ -5527,4 +5527,33 @@ class Net_SSH2
+ {
+ $this->smartMFA = false;
+ }
++
++ /**
++ * Constant time equality testing
++ *
++ * Pretty much copy / pasted from Crypt/RSA.php
++ *
++ * @access private
++ * @param string $x
++ * @param string $y
++ * @return bool
++ */
++ function _equals($x, $y)
++ {
++ if (function_exists('hash_equals')) {
++ return hash_equals($x, $y);
++ }
++
++ if (strlen($x) != strlen($y)) {
++ return false;
++ }
++
++ $result = "\0";
++ $x^= $y;
++ for ($i = 0; $i < strlen($x); $i++) {
++ $result|= $x[$i];
++ }
++
++ return $result === "\0";
++ }
+ }
diff -Nru phpseclib-1.0.23/debian/patches/0015-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch phpseclib-1.0.23/debian/patches/0015-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch
--- phpseclib-1.0.23/debian/patches/0015-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch 1970-01-01 00:00:00.000000000 +0000
+++ phpseclib-1.0.23/debian/patches/0015-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch 2026-04-28 11:51:15.000000000 +0000
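Review bot: In the rewritten `elseif` of get_binary_packet(), the MAC read from the peer (`$hmac`) is passed as the first argument of `_equals()` and the locally computed MAC as the second, so `hash_equals($x, $y)` receives them in the reverse of its documented (known string, user string) order. Both values are presumably the same MAC length here, so the result should not change, but calling `$this->_equals($this->hmac_check->hash(...), $hmac)` keeps the helper's contract clear for any later caller. The `_equals()` docblock should also state that both arguments must be strings and that the fallback used when `hash_equals` is unavailable returns early on a length mismatch, so only equal-length inputs are compared in constant time. get_binary_packet() starts and ends outside the hunk, so any other MAC comparison in it cannot be checked from here.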
@@ -0,0 +1,26 @@
+From: terrafrost
+Date: Mon, 27 Apr 2026 01:00:37 -0500
+Subject: ASN1: reduce length of supported OIDs from 4096 bytes to 128 bytes
+
+Origin: upstream, https://github.com/phpseclib/phpseclib/commit/d53d2021bcb9f6a04d5d44ec99e6bbef219a71bc
+Bug: https://github.com/phpseclib/phpseclib/security/advisories/GHSA-2528-jw5q-ww88
+Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2024-27355
+---
+ phpseclib/File/ASN1.php | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/phpseclib/File/ASN1.php b/phpseclib/File/ASN1.php
+index 249a37d..34ad9ee 100644
+--- a/phpseclib/File/ASN1.php
++++ b/phpseclib/File/ASN1.php
+@@ -1278,8 +1278,8 @@ class File_ASN1
+ $pos = 0;
+ $len = strlen($content);
+ // see https://github.com/openjdk/jdk/blob/2deb318c9f047ec5a4b160d66a4b52f93688ec42/src/java.base/share/classes/sun/security/util/ObjectIdentifier.java#L55
+- if ($len > 4096) {
+- //user_error('Object Identifier size is limited to 4096 bytes');
++ if ($len > 128) {
++ //user_error('Object Identifier size is limited to 128 bytes');
+ return false;
+ }
+
diff -Nru phpseclib-1.0.23/debian/patches/series phpseclib-1.0.23/debian/patches/series
--- phpseclib-1.0.23/debian/patches/series 2026-03-24 07:55:43.000000000 +0000
+++ phpseclib-1.0.23/debian/patches/series 2026-04-28 11:51:15.000000000 +0000
@@ -11,3 +11,5 @@
 0011-Group-nophpunit11-for-tests-failing-with-PHPUnit-11.patch
 0012-Modernize-PHPUnit-syntax.patch
 0013-make-unpadding-constant-time.patch
+0014-SSH2-use-constant-time-string-comparison-in-get_bina.patch
+0015-ASN1-reduce-length-of-supported-OIDs-from-4096-bytes.patch
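Review bot: The unchanged context comment above the new `if ($len > 128)` check in File_ASN1 still cites OpenJDK's ObjectIdentifier.java as the source of the limit, which matched the old 4096 figure but, as far as I can tell, not 128, so a reader following the link will not find the new bound. A comment such as `// OIDs longer than 128 bytes are rejected (CVE-2024-27355); the OpenJDK link documents the earlier 4096-byte cap` would explain where the tighter value comes from. The rejection also stays silent because the `user_error()` line remains commented out, so a caller only sees `false` and cannot tell an oversized OID from any other decode failure, which is worth stating in the method's docblock. The enclosing method starts and ends outside the hunk.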