Fixes CVE-2023-49316 by upgrading phpseclib/phpseclib #13975

Merged
merged 1 commit into from
Nov 30, 2023

Contributor

@joelpittet joelpittet commented Nov 29, 2023

Description

Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package           | phpseclib/phpseclib                                                              |
| CVE               | CVE-2023-49316                                                                   |
| Title             | phpseclib vulnerable to denial of service                                        |
| URL               | https://github.com/advisories/GHSA-jpr7-q523-hx25                                |
| Affected versions | <3.0.34                                                                          |
| Reported at       | 2023-11-27T18:31:14+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

Fixes # (issue)

Type of change

  • Bug fix (non-breaking change which fixes an issue)

How Has This Been Tested?

Tested only with Composer; as it's a low-level patch release, I don't expect any breaking changes.

Checklist:

@probot-autolabeler probot-autolabeler bot added backend dependencies Pull requests that update a dependency file labels Nov 29, 2023
@snipe
Owner

snipe commented Nov 29, 2023

Thanks Joel - any chance you can target this to develop, per the dev documentation?

@joelpittet joelpittet changed the base branch from master to develop November 30, 2023 01:31
@joelpittet
Contributor Author

@snipe no problem, sorry for the delay. It was created from the develop branch, just something I missed when creating the pull request.

@snipe snipe merged commit 47c8ae0 into snipe:develop Nov 30, 2023
9 of 10 checks passed
@snipe
Owner

snipe commented Nov 30, 2023

Thanks!
