Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u3?distro=trixie
purl pkg:deb/debian/php-phpseclib@2.0.42-1%2Bdeb12u3?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-8h2u-szq5-13ar Name confusion in x509 Subject Alternative Name fields In phpseclib before 1.0.22, 2.x before 2.0.46, and 3.x before 3.0.33, some characters in Subject Alternative Name fields in TLS certificates are incorrectly allowed to have a special meaning in regular expressions (such as a + wildcard), leading to name confusion in X.509 certificate host verification. CVE-2023-52892
GHSA-ff7q-6vwh-v9m4
VCID-ku5e-5j7s-qyc9 phpseclib's AES-CBC unpadding susceptible to padding oracle timing attack ### Impact Those using AES in CBC mode may be susceptible to a padding oracle timing attack. ### Patches https://github.com/phpseclib/phpseclib/commit/ccc21aef71eb170e9bf819b167e67d1fd9e6e788 ### Workarounds Use AES in CTR, CFB or OFB modes CVE-2026-32935
GHSA-94g3-g5v7-q4jg

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-12T18:15:27.129161+00:00 Debian Importer Fixing VCID-ku5e-5j7s-qyc9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-12T18:15:26.947412+00:00 Debian Importer Fixing VCID-8h2u-szq5-13ar https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:49:40.648013+00:00 Debian Importer Fixing VCID-ku5e-5j7s-qyc9 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:49:40.503599+00:00 Debian Importer Fixing VCID-8h2u-szq5-13ar https://security-tracker.debian.org/tracker/data/json 38.1.0