Package | php-phpseclib |
---|---|
Version | 2.0.4-1 (stretch) |
Related CVEs | CVE-2021-30130 |

It was discovered that php-phpseclib, a pure-PHP implementation of various cryptographic and arithmetic algorithms, mishandles RSA PKCS#1 v1.5 signature verification. An attacker may get invalid signatures accepted, bypassing authorization control in specific situations.

For Debian 9 stretch, this problem has been fixed in version 2.0.4-1.

We recommend that you upgrade your php-phpseclib packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.