| Package | phpseclib |
|---|---|
| Version | 1.0.19-1~deb9u1 (stretch) |
| Related CVEs | CVE-2021-30130 |
The PHP Secure Communications Library is a fully PKCS#1 (v2.1) compliant RSA, DES, 3DES, RC4, Rijndael, AES, Blowfish, Twofish, SSH-1, SSH-2, SFTP, and X.509 implementation. This library mishandled RSA PKCS#1 v1.5 signature verification.
For Debian 9 stretch, these problems have been fixed in version 1.0.19-1~deb9u1.
We recommend that you upgrade your phpseclib packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.