From 5f1d99f852fdb60308d4f84e4b66c277e6468e64 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mariusz=20W=C3=B3jcik?=
Date: Wed, 8 May 2024 08:14:22 +0200
Subject: [PATCH] add CVE-2024-27354 add CVE-2024-27355
---
phpseclib/phpseclib/CVE-2024-27354.yaml | 14 ++++++++++++++
phpseclib/phpseclib/CVE-2024-27355.yaml | 14 ++++++++++++++
2 files changed, 28 insertions(+)
create mode 100644 phpseclib/phpseclib/CVE-2024-27354.yaml
create mode 100644 phpseclib/phpseclib/CVE-2024-27355.yaml
diff --git a/phpseclib/phpseclib/CVE-2024-27354.yaml b/phpseclib/phpseclib/CVE-2024-27354.yaml
new file mode 100644
index 00000000..04ce5af1
--- /dev/null
+++ b/phpseclib/phpseclib/CVE-2024-27354.yaml
@@ -0,0 +1,14 @@
+title: phpseclib a large prime can cause a denial of service
+link: https://github.com/advisories/GHSA-hg35-mp25-qf6h
+cve: CVE-2024-27354
+branches:
+ "3.0":
+ time: 2024-03-02 00:31:33
+ versions: ['>=3.0.0', '<3.0.36']
+ "2.0":
+ time: 2024-03-02 00:31:33
+ versions: ['>=2.0.0', '<2.0.47']
+ "1.0":
+ time: 2024-03-02 00:31:33
+ versions: ['>=1.0.0', '<1.0.23']
+reference: composer://phpseclib/phpseclib
diff --git a/phpseclib/phpseclib/CVE-2024-27355.yaml b/phpseclib/phpseclib/CVE-2024-27355.yaml
new file mode 100644
index 00000000..a73ff00d
--- /dev/null
+++ b/phpseclib/phpseclib/CVE-2024-27355.yaml
@@ -0,0 +1,14 @@
+title: phpseclib does not properly limit the ASN1 OID length
+link: https://github.com/advisories/GHSA-jr22-8qgm-4q87
+cve: CVE-2024-27355
+branches:
+ "3.0":
+ time: 2024-03-02 00:31:33
+ versions: ['>=3.0.0', '<3.0.36']
+ "2.0":
+ time: 2024-03-02 00:31:33
+ versions: ['>=2.0.0', '<2.0.47']
+ "1.0":
+ time: 2024-03-02 00:31:33
+ versions: ['>=1.0.0', '<1.0.23']
+reference: composer://phpseclib/phpseclib
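Review bot: All six `time` entries, three in CVE-2024-27354.yaml and three in CVE-2024-27355.yaml, carry the identical value `2024-03-02 00:31:33`, which looks like an advisory publication timestamp copied onto every branch rather than the moment each branch received its fix. If the field is meant to record the per-branch fix time (the schema is not visible in this patch, so this is an assumption), each value should come from the fix commit or release tag of that branch, for example `time: <UTC time of the 3.0.36 fix commit>` under `"3.0"`. The values also carry no offset, so it is worth confirming they are expressed in the timezone the database expects. Both `link` fields point at a GitHub advisory page; if an upstream commit or release note exists, it would let consumers verify the `<3.0.36`, `<2.0.47` and `<1.0.23` bounds directly.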