
Bug#868466: php-cas: CVE-2017-1000071



On Sat, Jul 15, 2017 at 09:06:41PM +0200, Salvatore Bonaccorso wrote:
> Source: php-cas
> Version: 1.3.3-1
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/Jasig/phpCAS/issues/228
> 
> Hi,
> 
> the following vulnerability was published for php-cas.
> 
> CVE-2017-1000071[0]:
> | Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass
> | in the validateCAS20 function when configured to authenticate against
> | an old CAS server.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

Fixed in https://github.com/apereo/phpCAS/commit/c9ba00327fd0ac8faecc62ce150c1986022856cd

Cheers,
        Moritz

